Easy To Use Patents Search & Patent Lawyer Directory

At Patents you can conduct a Patent Search, File a Patent Application, find a Patent Attorney, or search available technology through our Patent Exchange. Patents are available using simple keyword or date criteria. If you are looking to hire a patent attorney, you've come to the right place. Protect your idea and hire a patent lawyer.

Method and apparatus for establishing a security policy, and method and
apparatus for supporting establishment of security policy

Abstract

There are provided a method of efficiently establishing a security policy
and an apparatus for supporting preparation of a security policy.
According to a method of establishing a security policy in six steps, a
simple security policy draft is first prepared. The security policy draft
is adjusted so as to match realities of an organization, as required,
thus completing a security policy stepwise. Therefore, a security policy
can be established in consideration of a schedule or budget of the
organization.

Inventors:

Sugimoto, Takahiro; (Chuo-ku, JP)

Correspondence Address:

OLIFF & BERRIDGE, PLC
P.O. BOX 19928
ALEXANDRIA
VA
22320
US

Assignee:

Asgent, Inc.Chuo-kuJP

Serial No.:

853708

Series Code:

09

Filed:

May 14, 2001

Current U.S. Class:

726/1

Class at Publication:

713/200

International Class:

G06F 011/30

Foreign Application Data

Date

Code

Application Number

Jun 1, 2000

JP

2000-164819

Apr 27, 2001

JP

2001-132177

Claims

What is claimed is:

1. A method of establishing a security policy for a predetermined
organization, the method comprising: a draft preparation step of
preparing a security policy draft; an analysis step of examining a
difference between the security policy draft and realities of the
organization; and an adjustment step of adjusting the security policy
draft on the basis of the difference or adjusting operation rules of an
actual information system belonging to the organization on the basis of
the difference.

2. The method of establishing a security policy according to claim 1,
wherein the draft preparation step comprises: a preparation step of
preparing inquiries to be submitted to members of an organization; an
inquiry step of submitting the prepared inquiries to the members; an
answer acquisition step of acquiring from the members answers to the
inquiries; and a drafting step of preparing a security policy draft on
the basis of the answers.

3. The method of establishing a security policy according to claim 2,
wherein the preparation step involves preparation of inquiries on the
basis of job specifications of members to be inquired.

4. The method of establishing a security policy according to claim 2,
wherein the answer acquisition step includes at least one of the steps
of: integrating the answers acquired from a single member from among the
acquired answers and storing the integrated answers into storage means as
answers of a single member to be inquired; re-submitting inquiries to
members if contradictory answers are included in the answers, to thereby
resolve contradiction, and storing the answers into the storage means;
and assigning weights to answers according to job specifications of the
members to be inquired if contradictory answers are included in the
answers, to thereby estimate answers and show the estimated answers.

5. The method of establishing a security policy according to claim 2,
wherein the analysis step comprises at least one of: a contradiction
inspection step of inspecting whether or not contradictory answers are
included in the answers; a first difference detection step of inspecting
a difference between an information system virtually designed on the
basis of the answers and the security policy, by means of comparison; and
a second difference detection step of verifying the virtually-designed
information system by means of examination of a real information system
and inspecting a difference between the verified information system and
the security policy draft by means of comparison.

6. The method of establishing a security policy according to claim 5,
further comprising a measurement step of devising measures addressing the
inspected difference in conjunction with the priority of the measures.

7. The method of establishing a security policy according to claim 1,
further comprising a diagnosis step of diagnosing the security state of
the organization, wherein a result of diagnosis performed in the
diagnosis step is submitted to the organization, wherewith the
organization can become conscious of a necessity for a security policy.

8. The method of establishing a security policy according to claim 6,
further comprising: a priority planning step of planning, in sequence of
priority, implementation of the security measures which have been devised
with priority, thereby embodying a budget of the organization.

9. The method of establishing a security policy according to claim 8,
wherein the security measures comprise constructing a system for managing
the establishing a security policy: introduction of a security system;
training for compelling employees to respect a security policy; analysis
of system logs; monitoring of a network; auditing operations on the basis
of the security policy; and reviewing the security policy.

10. The method of establishing a security policy according to claim 8,
further comprising: a security enhancement measures implementation step
of implementing the security measures in accordance with the plan.

11. A method of establishing a security policy comprising: a preparation
step of preparing inquiries to be submitted to members of an
organization; an inquiry step of submitting the prepared inquiries to the
members; an answer acquisition step of acquiring from the members answers
to the inquiries; and an establishment step of establishing a security
policy on the basis of the answers.

12. The method of establishing a security policy according to claim 11,
wherein the preparation step involves preparation of inquiries on the
basis of job specifications of members to be inquired.

13. The method of establishing a security policy according to claim 11,
wherein the answer acquisition step includes at least one of the steps
of: integrating the answers acquired from a single member from among the
acquired answers and storing the integrated answers into storage means as
answers of a single member to be inquired; re-submitting inquiries to
members if contradictory answers are included in the answers, to thereby
resolve contradictions and storing the answers into the storage means;
and assigning weights to answers according to job specifications of the
members to be inquired if contradictory answers are included in the
answers, to thereby estimate answers and display the estimated answers.

14. The method of establishing a security policy according to claim 11,
wherein the establishment step involves establishment of three levels of
security policies: namely, an executive-level security policy which
describes the organization's concept and policy concerning information
security, in conformity with global guidelines; a corporate-level
security policy which describes an information security system embodying
the executive-level security policy; and a product-level security policy
which describes measures to implement the executive-level security policy
with reference to the corporate-level security policy.

15. The method of establishing a security policy according to claim 14,
wherein the corporate-level security policy describes standards for the
information security system of the overall organization; and standards
for individual equipments constituting the information security system of
the organization.

16. The method of establishing a security policy according to claim 14,
wherein the product-level security policy includes two types of
product-level policies; namely, a first-level security policy describing
settings of individual equipment constituting the information security
system in natural language; and a second-level security policy describing
settings of individual equipment constituting the information security
system in specific language used in specific equipments.

17. The method of establishing a security policy according to claim 11,
further comprising an analysis step of examining a difference between the
security policy draft and realities of the organization; the analysis
step further comprising at least one of a contradiction inspection step
of inspecting whether or not contradictory answers are included in the
answers; a first difference detection step of inspecting a difference
between the security policy and an information system virtually designed
on the basis of the answers, by means of comparison; and a second
difference detection step of verifying the virtually-designed information
system by means of examination of a real information system and
inspecting a difference between the verified information system and the
security policy draft, by means of comparison.

18. The method of establishing a security policy according to claim 17,
further comprising a measurement step of devising measures to the
inspected difference, in conjunction with the priority of the measures.

19. An apparatus of establishing a security policy comprising: inquiry
preparation means for preparing inquiries to be submitted to members of
an organization; storage means for storing answers to the inquiries;
answer archival storage means for acquiring from the members the answers
to the inquiries and storing the answers into the storage means; and
establishment means for establishing a security policy on the basis of
the answers stored in the storage means.

20. The apparatus for establishing a security policy according to claim
19, wherein the inquiry preparation means prepares inquiries to be
submitted to the members to be inquired, on the basis of job
specifications of the members to be inquired.

21. The apparatus for establishing a security policy according to claim
19, wherein the answer archival storage means integrates the answers
acquired from a single member from among the acquired answers and stores
the integrated answers into the storage means as answers of a single
member to be inquired; or re-submits inquiries to members if
contradictory answers are included in the answers, to thereby resolve
contradiction, and stores the answers into the storage means; or assigns
weights to answers according to job specifications of the members to be
inquired if contradictory answers are included in the answers, to thereby
estimate answers and display the estimated answers.

22. The apparatus for establishing a security policy according to claim
19, wherein the establishment means establishes three levels of security
policies: namely, an executive-level security policy which describes the
organization's concept and policy concerning information security, in
conformity with global guidelines; a corporate-level security policy
which describes an information security system embodying the
executive-level security policy; and a product-level security policy
which describes measures to implement the executive-level security policy
with reference to the corporate-level security policy.

23. The apparatus for establishing a security policy according to claim
22, wherein the corporate-level security policy describes standards for
the information security system of the overall organization; and
standards for individual equipments constituting the information security
system of the organization.

24. The apparatus for establishing a security policy according to claim
22, wherein the product-level security policy includes two types of
product-level policies; namely, a first-level security policy describing
settings of individual equipments constituting the information security
system in natural language; and a second-level security policy describing
settings of individual equipments constituting the information security
system in specific language used in specific equipments.

25. A method of assessing the state of security of an organization, the
method comprising: an inquiry preparation step of preparing inquiries to
be submitted to members of an organization; an inquiry step of submitting
the prepared inquiries to the members; an answer acquisition step of
acquiring from the members answers to the inquiries; and a security state
assessment step of assessing the state of security on the basis of the
answers.

26. The method of assessing the state of security of an organization
according to claim 25, wherein the inquiry preparation step involves
preparation of inquiries on the basis of job specifications of members to
be inquired.

27. The method of assessing the state of security of an organization
according to claim 25, wherein the answer acquisition step involves
integration of previous answers and acquired answers in a case where the
answers are provided by an member to be inquired who has provided answers
before, and involves storage of the integrated answers into storage means
as answers from a single member to be inquired.

28. The method of assessing the state of security of an organization
according to claim 25, wherein the assessment of a security state
includes assessment of security of the organization; average assessment
of security of the other organizations included in an industry to which
the organization pertains; and the highest security assessment which is
considered to be attainable by organizations in the industry to which the
organization pertains.

29. The method of assessing the state of security of an organization
according to claim 25, wherein the assessment of a security state
includes scores assigned to the following items; namely, understanding
and attitude concerning security; a security system of the organization;
response to unexpected accidents; preparation of a budget for security;
and measures to improve security.

30. An apparatus of assessing the state of security of an organization,
the apparatus comprising: preparation means of preparing inquiries to be
submitted to members of the organization; storage means for storing
answers to the inquiries; answer archival storage means of acquiring from
the members the answers to the inquiries and storing the answers into the
storage means; and security maturity preparation means for preparing a
security maturity report representing the degree of maturity of security,
on the basis of the answers stored in the storage means.

31. The apparatus for assessing the state of security of an organization
according to claim 30, wherein the answer archival storage means
integrates previous answers and acquired answers in a case where the
answers are provided by a member to be inquired who has provided answers
before, and stores the integrated answers into the storage means as
answers from a single member to be inquired.

32. The apparatus for assessing the state of security of an organization
according to claim 30, wherein the security maturity report includes the
degree of maturity of the organizations security; the average degree of
maturity of security of other organizations included in an industry to
which the organization pertains; and the highest degree of maturity of
security which is considered to be attainable by organizations in the
industry to which the organization pertains.

33. The apparatus for assessing the state of security of an organization
according to claim 30, wherein the security maturity report includes
scores assigned to the following items; namely, understanding and
attitude concerning security; a security system of the organization;
response to unexpected accidents; preparation of a budget for security;
and measures to improve security.

34. An analyzer for analyzing a difference between a security policy and
an information system of an organization, comprising contradiction
inspection means for inspecting whether or not contradiction exists
between individual answers in response to inquiries submitted to members
of the organization; and contradiction output means for outputting
information about the inspected contradiction.

35. The analyzer for analyzing a difference between a security policy and
an information system of an organization according to claim 34, further
comprising: indicating means for indicating the contradiction on the
basis of the information about contradiction; establishment means for
virtually establishing an information system for the organization on the
basis of the answers free of contradiction; and difference output means
for outputting a difference between the configuration of the
virtually-established information system and a security policy, by means
of comparison.

36. The analyzer for analyzing a difference between a security policy and
an information system of an organization according to claim 35, further
comprising: real system input means for examining the information system
of the organization and entering the configuration of the information
system; and difference output means which verifies the
virtually-established information system by reference to the
configuration of the information system and outputs a difference between
a security policy and the configuration of the virtually-established
information system which has been verified, by means of comparison.

37. The method of establishing a security policy according to claim 2,
wherein, in the inquiry preparation step, the inquiries are generated in
accordance with the line of business of the organization.

38. The method of establishing a security policy according to claim 11,
wherein, in the inquiry preparation step, the inquiries are generated in
accordance with the line of business of the organization.

39. The security policy establishment apparatus according to claim 19,
wherein the inquiry preparation means generates inquiries to be submitted
to an interviewee in accordance with the line of business of the
organization.

40. The method of establishing a security policy according to claim 2,
wherein, in the drafting step, a security policy is established on the
basis of recommendations or regulations aimed at a specific line of
business.

41. The method of establishing a security policy according to claim 11,
wherein, in the establishment step, a security policy is established on
the basis of recommendations or regulations aimed at a specific line of
business.

42. The security policy establishment apparatus according to claim 19,
wherein the establishment means establishes a security policy on the
basis of items of recommendations or regulations aimed at a specific line
of business.

43. The method of establishing a security policy according to claim 2,
wherein, in the drafting step, a security policy is established on the
basis of items of global guidelines of one or a plurality of types
prescribed by a user.

44. The method of establishing a security policy according to claim 43,
wherein, in the inquiry preparation step, inquiries are generated on the
basis of items of global guidelines of one or a plurality of types
prescribed by a user.

45. The method of establishing a security policy according to claim 11,
wherein, in the establishment step, a security policy is established on
the basis of items of global guidelines of one or a plurality of types
prescribed by a user.

46. The method of establishing a security policy according to claim 45,
wherein, in the inquiry preparation step, inquiries are generated on the
basis of items of global guidelines of one or a plurality of types
prescribed by a user.

47. The security policy establishment apparatus according to claim 19,
wherein the establishment means establishes a security policy on the
basis of items of global guidelines of one or a plurality of types
prescribed by a user.

48. The security policy establishment apparatus according to claim 47,
wherein the inquiry preparation means generates inquiries to be submitted
to interviewees, on the basis of items of global guidelines of one or a
plurality of types prescribed by a user.

49. The method of establishing a security policy according to claim 2,
wherein, in the establishment step, a security policy is established on
the basis of an indicator of rigorousness of security policy prescribed
by the user.

50. The method of establishing a security policy according to claim 49,
wherein, in the inquiry preparation step, the inquiries are generated on
the basis of an indicator of rigorousness of security policy prescribed
by the user.

51. The method of establishing a security policy according to claim 11,
wherein, in the establishment step, a security policy is established on
the basis of an indicator of rigorousness of security policy prescribed
by the user.

52. The method of establishing a security policy according to claim 51,
wherein, in the inquiry preparation step, the inquiries are generated on
the basis of an indicator of rigorousness of security policy prescribed
by the user.

53. The security policy establishment apparatus according to claim 19,
wherein the establishment means establishes a security policy on the
basis of an indicator of rigorousness of security policy prescribed by
the user.

54. The security policy establishment apparatus according to claim 53,
wherein the inquiry preparation means generates inquiries, on the basis
of an indicator of rigorousness of security policy prescribed by the
user.

55. A security policy rigorousness adjustment method for adjusting the
level of rigorousness of a security policy, comprising: a rigorousness
adjustment step of replacing the rules which have been determined not to
match the indicator of rigorousness prescribed by a user with rules
matching the indicator; and a merge and output step of merging the rules
matching the indicator of rigorousness from the beginning with the rules
that in the rigorousness adjustment step have replaced the rules not
matching the indicator and of outputting the merged rules.

56. A security policy rigorousness adjustment apparatus for adjusting the
level of rigorousness of a security policy, comprising: rigorousness
adjustment means for replacing the rules which have been determined not
to match the indicator of rigorousness prescribed by a user with rules
matching the indicator; and merge and output means for merging the rules
matching the indicator of rigorousness from the beginning with the rules
which in the rigorousness adjustment means have replaced the rules not
matching the indicator and for outputting the merged rules.

57. A method of establishing a security policy of a predetermined
organization, comprising: an inquiry preparation step of generating
inquiries which pertain to items required for establishing a security
policy of the organization and are to be submitted to members of the
organization; an inquiry step of submitting the generated inquiries to
the members; an answer acquisition step of acquiring from the members
answers to the inquiries; and an establishment step of establishing a
security policy draft on the basis of the answers, wherein, in the
establishment step, a security policy with in a range of establishment
prescribed by the user is established.

58. The method of establishing a security policy according to claim 57,
wherein, in the inquiry preparation step, inquiries pertaining to the
range of establishment prescribed by the user are generated.

59. A security policy establishment apparatus for establishing a security
policy of a predetermined organization, comprising: inquiry preparation
means for generating inquiries which pertain to items required for
establishing a security policy of the organization and are to be
submitted to members of the organization; storage means for storing
answers to the generated inquiries; answer archival storage means for
acquiring answers to the generated inquiries and storing the answers into
the storage means; and establishment means for establishing a security
policy within the range of establishment prescribed by the user.

60. The security policy establishment apparatus according to claim 59,
wherein the inquiry preparation means generates inquiries pertaining to
the range of establishment prescribed by the user.

61. A computer-readable recording medium having recorded thereon a program
for causing a computer to perform: inquiry preparation procedures for
generating inquiries which pertain to items required for establishing a
security policy of the organization and are to be submitted to members of
the organization; answer archival procedures for entering answers to the
generated inquiries and storing the answers into storage means; and
establishment procedures for establishing a security policy on the basis
of the answers stored in the storage means.

62. The recording medium according to claim 61, wherein, in the inquiry
preparation procedures, inquiries to be submitted to interviewees are
generated on the basis of job specifications of the interviewees.

63. The recording medium according to claim 61, wherein, in the answer
archival procedures, the answers acquired from a single member from among
the acquired answers are integrated, and the integrated answers are
stored into the storage means as answers of a single member to be
inquired; or weights are assigned to answers according to job
specifications of the members to be inquired if contradictory answers are
included in the answers, to thereby estimate final answers and display
the estimated final answers.

64. The recording medium according to claim 61, wherein, in the inquiry
preparation procedures, inquiries to be submitted to the interviewees are
generated on the basis of the line of business of the organization.

65. The recording medium according to claim 61, wherein, in the
establishment procedures, a security policy is established on the basis
of items of global guidelines of one or a plurality of types prescribed
by a user.

66. The recording medium according to claim 61, wherein, in the inquiry
preparation procedures, the inquiries are generated on the basis of an
indicator of rigorousness of security policy prescribed by the user.

67. The recording medium according to claim 61, wherein, in the
establishment procedures, a security policy within a range of
establishment prescribed by the user is established.

68. A computer-readable recording medium having recorded thereon a program
for causing a computer to perform: inquiry preparation procedures for
outputting inquiries which pertain to items required for evaluating the
degree of maturity of security of a predetermined organization and are to
be submitted to members of the organization; answer archival procedures
for entering answers to the outputted inquiries and storing the answers
into storage means; and security maturity preparation procedures for
preparing a security maturity report representing the degree of maturity
of security, on the basis of the answers stored in the storage means.

69. The recording medium according to claim 68, wherein the inquiry
preparation means generates inquiries to be submitted to interviewees, on
the basis of job specifications of the interviewees.

70. A computer-readable recording medium having recorded thereon a program
for causing a computer to perform: contradiction inspection procedures
for inspecting whether or not contradiction exists between individual
answers submitted in response to inquiries which pertain to items
required for ascertaining a difference between a security policy of the
predetermined organization and an information system of the organization
and which have been submitted to members of a predetermined organization;
and contradiction output procedures for outputting information about the
inspected contradiction.

71. The recording medium according to claim 70, further comprising:
indicating procedures for indicating the contradictions on the basis of
the information about contradiction; establishment procedures for
virtually establishing the configuration of an information system of the
organization, on the basis of the answers free of contradictions; and
difference output procedures for outputting a difference between the
configuration of the virtually-established information system and the
security policy, obtained by means of comparison.

72. A computer-readable recording medium having recorded thereon a program
for causing a computer to perform: rigorousness adjustment procedures for
replacing the rules which have been determined not to match the indicator
of rigorousness prescribed by a user with rules matching the indicator of
rigorousness; and merge and output procedures for merging the rules
matching the indicator of rigorousness from the beginning with the rules
which in the rigorousness adjustment procedure have replaced the rules
not matching the indicator and for outputting the merged rules.

73. A program for causing a computer to perform: inquiry preparation
procedures for generating inquiries which pertain to items required for
establishing a security policy of a predetermined organization and are to
be submitted to members of the organization; answer archival procedures
for entering answers to the generated inquiries and storing the answers
into storage means; and establishment procedures for establishing a
security policy on the basis of the answers stored in the storage means.

74. The program according to claim 73, wherein, in the inquiry preparation
procedures, inquiries to be submitted to interviewees are generated on
the basis of job specifications of the interviewees.

75. The program according to claim 73, wherein, in the answer archival
procedures, the answers acquired from a single member from among the
acquired answers are integrated, and the integrated answers are stored
into the storage means as answers of a single member to be inquired; or
weights are assigned to answers according to job specifications of the
members to be inquired if contradictory answers are included in the
answers, to thereby estimate final answers and display the estimated
final answers.

76. The program according to claim 73, wherein, in the inquiry preparation
procedures, inquiries to be submitted to the interviewees are generated
on the basis of the line of business of the organization.

77. The program according to claim 73, wherein, in the establishment
procedures, a security policy is established on the basis of items of
global guidelines of one or a plurality of types prescribed by a user.

78. The recording medium according to claim 73, wherein, in the inquiry
preparation procedures, the inquiries are generated on the basis of an
indicator of rigorousness of security policy prescribed by the user.

79. The recording medium according to claim 73, wherein, in the
establishment procedures, a security policy within a range of
establishment prescribed by the user is established.

80. A program for causing a computer to perform: inquiry preparation
procedures for outputting inquiries which pertain to items required for
evaluating the degree of maturity of security of a predetermined
organization and are to be submitted to members of the organization;
answer archival procedures for entering answers to the outputted
inquiries and storing the answers into storage means; and security
maturity preparation procedures for preparing a security maturity report
representing the degree of maturity of security, on the basis of the
answers stored in the storage means.

81. A program for causing a computer to perform: contradiction inspection
procedures for inspecting whether or not contradiction exits between
individual answers in response to inquiries which pertain to items
required for ascertaining a difference between a security policy of the
predetermined organization and an information system of the organization
and which have been submitted to members of a predetermined organization;
and contradiction output procedures for outputting information about the
inspected contradiction.

82. The program according to claim 81, further comprising: matching
procedures for matching the answers on the basis of the information about
contradiction, thus producing answers free of contradiction;
establishment procedures for virtually establishing the configuration of
an information system of the organization, on the basis of the answers
produced by the matching procedure; and difference output procedures for
outputting a difference between the configuration of the
virtually-established information system and the security policy,
obtained by means of comparison.

83. A program for causing a computer to perform: level-of-rigorousness
inspection procedures for inspecting whether or not individual rules of
the security policy match an indicator of rigorousness prescribed by a
user; rigorousness adjustment procedures for replacing the rules which
have been determined not to match the indicator in the
level-of-rigorousness inspection procedure with rules matching the
indicator of rigorousness; and merge and output procedures for merging
the rules matching the indicator of rigorousness from the beginning with
the rules which in the rigorousness adjustment procedure have replaced
the rules not matching the indicator and for outputting the merged rules.

Description

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present invention relates to establishment of a so-called
security policy. More particularly, the present invention relates to a
method and apparatus which enable immediate establishment of a security
policy suitable for an individual organization, as well as to a method
and apparatus for supporting establishment of a security policy.

[0003] 2. Background Art

[0004] In association with development of information technology, the
importance of information security increases. Every organization takes
various measures for protecting internal information.

[0005] For example, a firewall is set at an interface for establishing
connection with an external network, thereby preventing unauthorized
intrusion of the outsider into an internal network of the organization,
or unauthorized access to internal information.

[0006] In order to combat computer viruses or the like, virus
detection/combat software is employed for monitoring computers disposed
in the organization. Throughout the specification, the expression
"organization" signifies an enterprise, a federal or municipal agency, a
corporation such as a legally-incorporated foundation, or any other party
or organized group.

[0007] As mentioned above, various measures have hitherto been taken for
ensuring information security.

[0008] If such measures are independently or separately discussed or
reviewed, ensuring the security level of the entire organization becomes
difficult.

[0009] For instance, no matter how well a firewall is enhanced, if third
parties can freely enter the organization's building and have an
opportunity to operate a terminal, the security level of the entire
organization is considerably deteriorated.

[0010] Even if virus detection software is used, if updating of software
for opposing new viruses is neglected, the software cannot combat newly
created computer viruses.

[0011] In order to enhance the information security level of the entire
organization, there must be devised a method for designing and
implementing information security of the entire organization. Such a
designing and implementation method (or a group of designing and
implementation methods) is generally called a security policy.

[0012] Various proposals concerning basic headings and contents for
establishing a standard security policy have already been put forward as
international guidelines. As a matter of course, the headings and
contents must be individually tailored to the organization.

[0013] Therefore, there still remains a necessity for establishing a
security policy on a per-organization basis; security policies cannot be
mass-produced. Thus, establishment of an individual security policy
involves consumption of much time and effort.

[0014] Further, contents of a security policy must be changed with elapse
of time. For instance, in a case where a corporate organizational
structure has been changed, usage value and risk assessment of existing
information must be changed correspondingly.

[0015] A common method concerning establishment of a security policy and
making periodic amendments to the security policy has not been known. For
this reason, individual systems engineer has had to establish or amend a
security policy through experience and guess work. As a result,
establishment of or making amendments to a security policy consumes an
enormous amount of manpower. It is assumed that amendments may fail to
catch up with a change in the actual circumstances (hereinafter called
"reality") of an organization.

[0016] It has often bee seen that a wide difference arises between a
security policy and the reality of an organization, thereby imposing
difficulty in establishing and sustaining enhanced information security.

[0017] The present invention has been conceived in light of the foregoing
drawbacks of the background art and is aimed at providing a method of
efficiently establishing a security policy, as well as an apparatus for
supporting establishment of a security policy.

SUMMARY OF THE INVENTION

[0018] To this end, the present invention provides a method of
establishing a security policy for a predetermined organization, the
method comprising:

[0019] a draft preparation step of preparing a security policy draft;

[0020] an analysis step of examining a difference between the security
policy draft and realities of the organization; and

[0021] an adjustment step of adjusting the security policy draft on the
basis of the difference or adjusting operation rules of an actual
information system belonging to the organization on the basis of the
difference.

[0022] By means of such a configuration, a security policy can be
established stepwise, thereby enabling efficient establishment of a
security policy.

[0023] Preferably, the draft preparation step comprises: a preparation
step of preparing inquiries to be submitted to members of an
organization;

[0024] an inquiry step of submitting the prepared inquiries to the
members;

[0025] an answer acquisition step of acquiring from the members answers to
the inquiries; and

[0026] a drafting step of preparing a security policy draft on the basis
of the answers.

[0027] By means of such a configuration, a security policy draft can be
prepared on the basis of inquiries.

[0028] Preferably, the preparation step involves preparation of inquiries
on the basis of job specifications of members to be inquired.

[0029] Since inquiries are prepared according to a job specification of an
member to be inquired, inquiries can be submitted efficiently.

[0030] Preferably, the answer acquisition step includes at least one of
the steps of:

[0031] integrating the answers acquired from a single member from among
the acquired answers and storing the integrated answers into storage
means as answers of a single member to be inquired;

[0032] re-submitting inquiries to members if contradictory answers are
included in the answers, to thereby resolve contradiction, and storing
the answers into the storage means; and

[0033] assigning weights to answers according to job specifications of the
members to be inquired if contradictory answers are included in the
answers, to thereby estimate answers and display the estimated answers.

[0034] Such a configuration enables integration of answers in a case where
a plurality of inquirers separately submit inquiries to members to be
inquired.

[0035] Preferably, the analysis step comprises at least one of:

[0036] a contradiction inspection step of inspecting whether or not
contradictory answers are included in the answers;

[0037] a first difference detection step of inspecting a difference
between an information system virtually designed on the basis of the
answers and the security policy by means of comparison; and

[0038] a second difference detection step of verifying the
virtually-designed information system by means of examination of a real
information system and inspecting a difference between the verified
information system and the security policy draft by means of comparison.

[0039] Such a configuration enables finding of contradiction between
answers and detection of a difference between a real information system
and a security policy.

[0040] Preferably, the method of establishing a security policy further
comprises a measurement step of devising measures addressing the
inspected difference, in conjunction with the priority of the measures.

[0041] Such a configuration enables devising of measures with assigned
priorities.

[0042] Preferably, the method of establishing a security policy further
comprises a diagnosis step of diagnosing the security state of the
organization, wherein a result of diagnosis performed in the diagnosis
step is submitted to the organization, wherewith the organization can be
come conscious of a necessity for a security policy.

[0043] Such a configuration enables ascertainment of security status of
the organization.

[0044] Preferably, the method of establishing a security policy further
comprises a priority planning step of planning, in sequence of priority,
implementation with priority of the security measures which have been
devised, thereby embodying a budget of the organization.

[0045] Such a configuration enables implementation of security measures in
a premeditated manner, thereby facilitating preparation of a budget.

[0046] Preferably, the security measures comprise constructing a system
for managing the establishing a security policy;

[0047] introduction of a security system;

[0048] training for compelling members respect a security policy;

[0049] analysis of system logs;

[0050] monitoring of a network;

[0051] auditing operations on the basis of the security policy; and

[0052] reviewing the security policy.

[0053] Since the security measures involve training of members as well as
introduction of information security equipment, thereby enabling
attainment of a higher degree of information security.

[0054] Preferably, the method of establishing a security policy further
comprises a security enhancement measures implementation step of
implementing the security measures in accordance with the plan.

[0055] Such a configuration enables smooth implementation of security
measures.

[0056] The present invention also provides a method of establishing a
security policy comprising:

[0057] a preparation step of preparing inquiries to be submitted to
members of an organization;

[0058] an inquiry step of submitting the prepared inquiries to the
members;

[0059] an answer acquisition step of acquiring from the members answers to
the inquiries; and

[0060] an establishment step of establishing a security policy on the
basis of the answers.

[0061] By means of such a configuration, a security policy draft can be
prepared on the basis of inquiries.

[0062] Preferably, the preparation step involves preparation of inquiries
on the basis of job specifications of members to be inquired.

[0063] Since inquiries are prepared according to a job specification of an
member to be inquired, inquiries can be submitted efficiently.

[0064] Preferably, the answer acquisition step includes at least one of
the steps of:

[0065] integrating the answers acquired from a single member from among
the acquired answers and storing the integrated answers into storage
means as answers of a single member to be inquired;

[0066] re-submitting inquiries to members if contradictory answers are
included in the answers, to thereby resolve contradiction, and storing
the answers into the storage means; and

[0067] assigning weights to answers according to job specifications of the
members to be inquired if contradictory answers are included in the
answers, to thereby estimate answers and display the estimated answers.

[0068] Such a configuration enables integration of answers in a case where
a plurality of inquirers separately submit inquiries to members to be
inquired.

[0070] an executive-level security policy which describes the
organization's concept and policy concerning information security in
conformity with global guidelines;

[0071] a corporate-level security policy which describes an information
security system embodying the executive-level security policy; and

[0072] a product-level security policy which describes measures to
implement the executive-level security policy with reference to the
corporate-level security policy.

[0073] Since three levels of security policies are established, a
hierarchical security policy can be obtained. Here, the measures to
implement the executive-level security policy with reference to the
corporate-level security policy includes operation rules for utilizing
the security policies, as well as hardware and software.

[0074] Preferably, the corporate-level security policy describes standards
for the information security system of the overall organization; and
standards for individual equipments constituting the information security
system of the organization.

[0075] Such a configuration clarifies a security policy for the entire
organization and a security policy for individual pieces of equipment.
Here, equipment is a concept including networks, hosts, and applications.

[0076] Preferably, the product-level security policy includes two types of
product-level policies; namely,

[0077] a first-level security policy describing settings of individual
equipments constituting the information security system in natural
language; and

[0078] a second-level security policy describing settings of individual
equipments constituting the information security system in specific
language used in specific equipments.

[0081] a contradiction inspection step of inspecting whether or not
contradictory answers are included in the answers; and

[0082] a difference detection step of inspecting whether or there is a
difference between an information system virtually designed on the basis
of the answers and a real information system of the organization.

[0083] Such a configuration enables efficient detection of contradiction
or difference.

[0084] Preferably, the method of establishing a security policy further
comprises a measurement step of devising measures addressing the
inspected difference, in conjunction with the priority of the measures.

[0085] Since measures are devised in conjunction with priorities thereof,
planning for implementing information security is facilitated.

[0086] The present invention also provides an apparatus of establishing a
security policy comprising:

[0087] inquiry preparation means of preparing inquiries to be submitted to
members of an organization;

[0088] storage means for storing answers to the inquiries;

[0089] answer archival storage means for acquiring from the members the
answers to the inquiries and storing the answers into the storage means;
and

[0090] establishment means for establishing a security policy on the basis
of the answers stored in the storage means.

[0091] Since inquiries to be submitted to members are prepared, inquiry
operations are facilitated. Here, the expression "member" signifies any
individual associated with an information system of the organization.
Therefore, members include part-time employees and employees of
affiliated corporations, as well as employees of an organization of
interest.

[0092] Preferably, the inquiry preparation means prepares inquiries to be
submitted to the members to be inquired, on the basis of job
specifications of the members to be inquired.

[0093] Since inquiries are prepared according to a job specification of an
member to be inquired, inquiries can be submitted efficiently.

[0094] Preferably, the answer archival storage means integrates the
answers acquired from a single member from among the acquired answers and
stores the integrated answers into the storage means as answers of a
single member to be inquired; or

[0095] re-submits inquiries to members if contradictory answers are
included in the answers, to thereby resolve contradiction, and stores the
answers into the storage means; or

[0096] assigns weights to answers according to job specifications of the
members to be inquired if contradictory answers are included in the
answers, to thereby estimate answers, and display the estimated answers.

[0097] Such a configuration enables integration of answers while ensuring
a match among the answers in a case where a plurality of inquirers
separately submit inquiries to members to be inquired.

[0099] an executive-level security policy which describes the
organization's concept and policy concerning information security in
conformity with global guidelines;

[0100] a corporate-level security policy which describes an information
security system embodying the executive-level security policy; and

[0101] a product-level security policy which describes measures to
implement the executive-level security policy with reference to the
corporate-level security policy.

[0102] Since three levels of security policies are established, a
hierarchical security policy can be obtained. Here, the measures for
implementing the executive-level security policy with reference to the
corporate-level security policy include operation rules for utilizing the
security policies, as well as hardware and software.

[0103] Preferably, the corporate-level security policy describes standards
for the information security system of the overall organization; and
standards for individual equipments constituting the information security
system of the organization.

[0104] Such a configuration clarifies a security policy for the entire
organization and a security policy for individual pieces of equipment.
Here, equipment is a concept including networks, hosts, and applications.

[0105] Preferably, the product-level security policy includes two types of
product-level policies; namely,

[0106] a first-level security policy describing settings of individual
equipments constituting the information security system in natural
language; and

[0107] a second-level security policy describing settings of individual
equipments constituting the information security system in specific
language used in specific equipments.

[0109] The present invention also provides a method of assessing the state
of security of an organization, the method comprising:

[0110] an inquiry preparation step of preparing inquiries to be submitted
to members of an organization;

[0111] an inquiry step of submitting the prepared inquiries to the
members;

[0112] an answer acquisition step of acquiring from the members answers to
the inquiries; and

[0113] a security state assessment step of assessing the state of security
on the basis of the answers.

[0114] By means of such a configuration, the security state of an
organization can be ascertained on the basis of answers to inquiries.

[0115] Preferably, the inquiry preparation step involves preparation of
inquiries on the basis of job specifications of members to be inquired.

[0116] Since inquiries are prepared according to a job specification of an
member to be inquired, inquiries can be submitted efficiently.

[0117] Preferably, the answer acquisition step involves integration of
previous answers and acquired answers in a case where the answers are
provided by a member to be inquired who has provided answers before, and
involves storage of the integrated answers into storage means as answers
from a single member to be inquired.

[0118] Such a configuration enables integration of answers while ensuring
a match among the answers in a case where a plurality of inquirers submit
separately inquiries to members to be inquired.

[0119] Preferably, the assessment of a security state includes

[0120] assessment of security of the organization;

[0121] average assessment of security of the other organizations included
in an industry to which the organization pertains; and

[0122] the highest security assessment which is considered to be
attainable by organizations in the industry to which the organization
pertains.

[0123] Such a configuration enables assessment of an organization in
comparison with similar organizations. Further, display of a theoretical
highest value assists manager to set a goal to be attained.

[0124] Preferably, the assessment of a security state includes scores
assigned to the following items; namely,

[0125] understanding and attitude concerning security;

[0126] a security system of the organization;

[0127] a response to unexpected accidents;

[0128] preparation of a budget for security; and

[0129] measures to improve security.

[0130] Such a configuration enables an organization to ascertain
assessment of information security on a per-item basis in respect of
manager's concept.

[0131] The present invention also provides an apparatus for assessing the
state of security of an organization, the apparatus comprising:

[0132] preparation means for preparing inquiries to be submitted to
members of an organization;

[0133] storage means for storing answers to the inquiries;

[0134] answer archival storage means for acquiring the answers to the
inquiries from the members and storing the answers into the storage
means; and

[0135] security maturity preparation means for preparing a security
maturity report representing the degree of maturity of security, on the
basis of the answers stored in the storage means.

[0136] Inquiries are submitted to members, and an organization can as
certain its security on the basis of answers to the inquiries.

[0137] Preferably, the answer archival storage means integrates previous
answers and acquired answers in a case where the answers are provided by
an member to be inquired who has provided answers before, and stores the
integrated answers into the storage means as answers from a single member
to be inquired.

[0138] Such a configuration enables integration of answers while ensuring
a match among the answers in a case where a plurality of inquirers submit
separately inquiries to members to be inquired.

[0139] Preferably, the security maturity report includes

[0140] the degree of maturity of the organizations security;

[0141] the average degree of maturity of security of other organizations
included in an industry to which the organization pertains; and

[0142] the highest degree of maturity of security which is considered to
be attainable by organizations in the industry to which the organization
pertains.

[0143] Such a configuration enables assessment of an organization in
comparison with other organizations in respect of average degree.
Further, display of a theoretical highest value facilitates setting of a
goal to be attained.

[0144] Preferably, the security maturity report includes scores assigned
to the following items; namely,

[0145] understanding and attitude concerning security;

[0146] a security system of the organization;

[0147] response to unexpected accidents;

[0148] preparation of a budget for security; and

[0149] measures to improve security.

[0150] Such a configuration enables an organization to ascertain
assessment of information security on a per-item basis in respect of
manager's concept.

[0151] The present invention also provides an analyzer for analyzing a
difference between a security policy and an information system of an
organization, comprising

[0152] contradiction inspection means for inspecting whether or not
contradiction exists between individual answers in response to inquiries
submitted to members of the organization; and

[0154] Such a configuration enables ascertainment of contradiction
included in answers.

[0155] Preferably, the analyzer for analyzing a difference between a
security policy and an information system of an organization further
comprises

[0156] indicating means for indicating the contradiction on the basis of
the information about contradiction;

[0157] establishment means for virtually establishing an information
system for the organization on the basis of the answers produced by the
matching means; and

[0158] difference output means for outputting a difference between the
configuration of the virtually-established information system and a
security policy, by means of comparison.

[0159] Such a configuration enables ascertainment of a difference between
a security policy and realities of an organization.

[0160] Preferably, the analyzer for analyzing a difference between a
security policy and an information system of an organization further
comprises

[0161] real system input means for examining the information system of the
organization and entering the configuration of the information system;
and

[0162] difference output means which verifies the virtually-established
information system by reference to the configuration of the information
system and outputs a difference between a security policy and the
configuration of the virtually-established information system which has
been verified, by means of comparison.

[0163] Such a configuration enables comparison between an information
system which has been verified by means of actual examination of an
information system and a security policy, thereby enabling accurate
analysis of a difference.

[0164] An invention according to a second embodiment will now be
described.

[0165] To solve the previously-described problem, in the inquiry
preparation step, the inquiries are prepared in accordance with the line
of business of the organization.

[0166] Preferably, the inquiry preparation means generates inquiries to be
submitted to an interviewee in accordance with the line of business of
the organization.

[0167] According to the present invention, the line of business of an
organization is taken into account. Hence, a security policy
corresponding to a line of business can be established.

[0168] An invention according to a third embodiment will now be described.

[0169] According to the present invention, in the drafting step, a
security policy is drafted on the basis of recommendations or regulations
aimed at a specific line of business.

[0170] According to the present invention, the establishment means
establishes a security policy on the basis of items of recommendations or
regulations aimed at a specific line of business.

[0171] Such a configuration enables establishment of a security policy for
items which are of greater detail than general-purpose global guidelines,
in connection with a specific line of business.

[0172] An invention according to a fourth embodiment will be described
hereinbelow.

[0173] According to the present invention, in the establishment step, a
security policy is established on the basis of items of global guidelines
of one or a plurality of types prescribed by a user.

[0174] According to the present invention, the establishment means
establishes a security policy on the basis of items of global guidelines
of one or a plurality of types prescribed by a user.

[0175] By means of the configuration of the invention, a user can select a
global guidelines to be employed.

[0176] According to the present invention, in the inquiry preparation
step, inquiries are generated on the basis of items of global guidelines
of one or a plurality of types prescribed by a user.

[0177] Similarly, the inquiry preparation means generates inquiries to be
submitted to interviewees, on the basis of items of global guidelines of
one or a plurality of types prescribed by a user.

[0178] By means of such a configuration, inquiries complying with a global
guideline prescribed by the user are submitted, thereby enabling
efficient inquiries.

[0179] An invention according to a fifth embodiment will now be described.

[0180] According to the present invention, in the establishment step, a
security policy is established on the basis of an indicator of
rigorousness of security policy prescribed by the user.

[0181] According to the present invention, the establishment means
establishes a security policy on the basis of an indicator of
rigorousness of security policy prescribed by the user.

[0182] By means of the configuration according to the present invention,
the user can freely specify the level of rigorousness of security policy
through use of security policy.

[0183] According to the present invention, in the inquiry preparation
step, the inquiries are generated on the basis of an indicator of
rigorousness of security policy prescribed by the user.

[0184] Similarly, according to the present invention, the inquiry
preparation means generates inquiries, on the basis of an indicator of
rigorousness of security policy prescribed by the user.

[0185] By means of such a configuration, inquiries are generated in
accordance with the level of rigorousness prescribed by the user. As will
be described later, if a higher level of rigorousness is prescribed, the
number of general inquiries is increased, so that inquiries concerning
detailed items are generated. In contrast, if a lower level of
rigorousness is prescribed, the number of general inquiries is reduced,
and inquiries become less elaborate. Since inquiries according to the
level of rigorousness are generated, inquiries can be made more
efficiently.

[0186] The present invention provides a security policy rigorousness
adjustment method for adjusting the level of rigorousness of a security
policy, comprising:

[0187] a rigorousness adjustment step of replacing the rules which have
been determined not to match the indicator of rigorousness prescribed by
a user with rules matching the indicator of rigorousness; and

[0188] a merge and output step of merging the rules matching the indicator
of rigorousness from the beginning with the rules which in the
rigorousness adjustment step have replaced the rules not matching the
indicator and of outputting the merged rules.

[0189] Further, the present invention provides a security policy
rigorousness adjustment apparatus for adjusting the level of rigorousness
of a security policy, comprising:

[0190] rigorousness adjustment means for replacing the rules which have
been determined not to match the indicator of rigorousness prescribed by
a user with rules matching the indicator of rigorousness; and

[0191] Merge and output means for merging the rules matching the indicator
of rigorousness from the beginning with the rules which in the
rigorousness adjustment step have replaced the rules not matching the
indicator and for outputting the merged rules.

[0192] By means of these configurations according to the present
invention, the level of rigorousness of security policy can be adjusted
such that a level of rigorousness prescribed by the user is achieved.

[0193] An invention according to a sixth embodiment will now be described.

[0194] The present invention provides a method of establishing a security
policy of a predetermined organization, comprising:

[0195] an inquiry preparation step of generating inquiries which pertain
to items required for establishing a security policy of the organization
and are to be submitted to members of the organization;

[0196] an inquiry submission step of submitting the generated inquiries to
the members;

[0197] an answer acquisition step of acquiring from the members answers to
the inquiries; and

[0198] a preparation step of preparing a security policy draft on the
basis of the answers, wherein, in the establishment step, a security
policy within a range of establishment prescribed by the user is
established.

[0199] By means of the configuration set forth, a security policy falling
within the range prescribed by the user is obtained.

[0200] According to the present invention, in the inquiry preparation
step, inquiries pertaining to the range of establishment prescribed by
the user are generated.

[0201] By means of such a configuration according to the present
invention, only inquiries about the range prescribed by the user are
generated. Hence, submission of inquiries irrelevant to the range is
prevented.

[0202] The present invention provides a security policy establishment
apparatus for establishing a security policy of a predetermined
organization, comprising:

[0203] inquiry preparation means for generating inquiries which pertain to
items required for establishing a security policy of the organization and
are to be submitted to members of the organization;

[0204] storage means for storing answers to the generated inquiries;

[0205] answer archival storage means for acquiring answers to the
generated inquiries and storing the answers into the storage means; and

[0206] establishment means for establishing a security policy within the
range of establishment prescribed by the user.

[0207] By means of such a configuration, there is obtained a security
policy falling within the range prescribed by the user.

[0208] According to the present invention, the inquiry preparation means
generates inquiries pertaining to the range of establishment prescribed
by the user.

[0209] Such a configuration enables generation of only inquiries
pertaining to a range prescribed by the user. Hence, submission of
inquiries irrelevant to the range is prevented.

[0210] An invention according to an seventh embodiment will be described.

[0211] The seventh embodiment describes programs for causing a computer to
perform the operations which have been described thus far and a recording
medium (hard disk drive) having the programs recorded thereon. Hence,
operations of the programs and operation of the recording medium having
the programs recorded thereon are identical with those of the inventions
which have been described thus far.

[0212] The present invention provides a computer-readable recording medium
having recorded thereon a program for causing a computer to perform:

[0213] inquiry preparation procedures for generating inquiries which
pertain to items required for establishing a security policy of the
organization and are to be submitted to members of the organization;

[0214] answer archival procedures for entering answers to the generated
inquiries and storing the answers into storage means; and

[0215] establishment procedures for establishing a security policy on the
basis of the answers stored in the storage means.

[0216] According to the present invention, in the inquiry preparation
procedures, inquiries to be submitted to interviewees are generated on
the basis of job specifications of the interviewees.

[0217] According to the present invention, in the answer archival
procedures, the answers acquired from a single member from among the
acquired answers are integrated, and the integrated answers are stored
into the storage means as answers of a single member to be inquired; or
weights are assigned to answers according to job specifications of the
members to be inquired if contradictory answers are included in the
answers, to thereby estimate final answers and display the estimated
final answers.

[0218] According to the present invention, in the inquiry preparation
procedures, inquiries to be submitted to the interviewees are generated
on the basis of the line of business of the organization.

[0219] According to the present invention, in the establishment
procedures, a security policy is established on the basis of items of
global guide lines of one or a plurality of types prescribed by a user.

[0220] According to the present invention, in the inquiry preparation
procedures, the inquiries are generated on the basis of an indicator of
rigorousness of security policy prescribed by the user.

[0221] According to the present invention, in the establishment
procedures, a security policy within a range of establishment prescribed
by the user is established.

[0222] The present invention provides a computer-readable recording medium
having recorded thereon a program for causing a computer to perform:

[0223] inquiry preparation procedures for generating inquiries which
pertain to items required for evaluating the degree of maturity of
security of a predetermined organization and are to be submitted to
members of the organization;

[0224] answer archival procedures for entering answers to the prepared
inquiries and storing the answers into storage means; and

[0225] security maturity preparation procedures for preparing a security
maturity report representing the degree of maturity of security, on the
basis of the answers stored in the storage means.

[0226] The present invention provides a computer-readable recording medium
having recorded thereon a program for causing a computer to perform:

[0227] contradiction inspection procedures for inspecting whether or not
contradiction exists between individual answers submitted in response to
inquiries which pertain to items required for ascertaining a difference
between a security policy of the predetermined organization and an
information system of the organization and which have been submitted to
members of a predetermined organization; and

[0230] matching procedures for matching the answers on the basis of the
information about contradiction, thus producing answers free of
contradiction;

[0231] establishment procedures for virtually establishing the
configuration of an information system of the organization, on the basis
of the answers produced by the matching means; and

[0232] difference output procedures for outputting a difference between
the configuration of the virtually-established information system and the
security policy, obtained by means of comparison.

[0233] The present invention provides a computer-readable recording medium
having recorded thereon a program for causing a computer to perform:

[0234] level-of-rigorousness inspection procedures for inspecting whether
or not individual rules of the security policy match an indicator of
rigorousness prescribed by a user;

[0235] rigorousness adjustment procedures for replacing the rules which
have been determined not to match the indicator in the
level-of-rigorousness inspection step with rules matching the indicator
of rigorousness; and

[0236] merge and output procedures for merging the rules matching the
indicator of rigorousness from the beginning with the rules which in the
rigorousness adjustment step have replaced the rules not matching the
indicator and for outputting the merged rules.

[0237] The inventions set forth relate to a recording medium. Next, an
invention related to a program will be described.

[0238] The present invention provides a program for causing a computer to
perform:

[0239] inquiry preparation procedures for generating inquiries which
pertain to items required for establishing a security policy of a
predetermined organization and are to be submitted to members of the
organization;

[0240] answer archival procedures for entering answers to the prepared
inquiries and storing the answers into storage means; and

[0241] establishment procedures for establishing a security policy on the
basis of the answers stored in the storage means.

[0242] According to the present invention, in the inquiry preparation
procedures, inquiries to be submitted to interviewees are generated on
the basis of job specifications of the interviewees.

[0243] According to the present invention, in the answer archival
procedures, the answers acquired from a single member from among the
acquired answers are integrated, and the integrated answers are stored
into the storage means as answers of a single member to be inquired; or

[0244] weights are assigned to answers according to job specifications of
the members to be inquired if contradictory answers are included in the
answers, to thereby estimate final answers and display the estimated
final answers.

[0245] According to the present invention, in the inquiry preparation
procedures, inquiries to be submitted to the interviewees are generated
on the basis of the line of business of the organization.

[0246] According to the present invention, in the establishment
procedures, a security policy is established on the basis of items of
global guidelines of one or a plurality of types prescribed by a user.

[0247] According to the present invention, in the inquiry preparation
procedures, the inquiries are generated on the basis of an indicator of
rigorousness of security policy prescribed by the user.

[0248] According to the present invention, in the establishment
procedures, a security policy within a range of establishment prescribed
by the user is established.

[0249] The present invention provides a program for causing a computer to
perform:

[0250] inquiry preparation procedures for generating inquiries which
pertain to items required for evaluating the degree of maturity of
security of a predetermined organization and are to be submitted to
members of the organization;

[0251] answer archival procedures for entering answers to the generated
inquiries and storing the answers into storage means; and

[0252] security maturity preparation procedures for preparing a security
maturity report representing the degree of maturity of security, on the
basis of the answers stored in the storage means.

[0253] The present invention provides a program for causing a computer to
perform:

[0254] contradiction inspection procedures for inspecting whether or not
contradiction exists between individual answers in response to inquiries
which pertain to items required for ascertaining a difference between a
security policy of the predetermined organization and an information
system of the organization and which have been submitted to members of a
predetermined organization; and

[0256] According to the present invention, the program further comprises:

[0257] matching procedures for matching the answers on the basis of the
information about contradiction, thus producing answers free of
contradiction;

[0258] establishment procedures for virtually establishing the
configuration of an information system of the organization, on the basis
of the answers produced by the matching means; and

[0259] difference output procedures for outputting a difference between
the configuration of the virtually-established information system and the
security policy, obtained by means of comparison.

[0260] The present invention provides a program for causing a computer to
perform:

[0261] level-of-rigorousness inspection procedures for inspecting whether
or not individual rules of the security policy match an indicator of
rigorousness prescribed by a user;

[0262] rigorousness adjustment procedures for replacing the rules which
have been determined not to match the indicator in the
level-of-rigorousness inspection step with rules matching the indicator
of rigorousness; and

[0263] merge and output procedures for merging the rules matching the
indicator of rigorousness from the beginning with the rules which in the
rigorousness adjustment step have replaced the rules not matching the
indicator and for outputting the merged rules.

BRIEF DESCRIPTION OF THE DRAWINGS

[0264] FIG. 1 is a flowchart representing the principle of a business
model according to a preferred embodiment of the present invention;

[0265] FIG. 2 is a block diagram showing the configuration of an appraisal
device;

[0266] FIG. 3 is a flowchart representing preparation of an appraisal
report;

[0267] FIG. 4 is a block diagram showing the configuration of an apparatus
for preparing a security policy draft;

[0268] FIG. 5 is a flowchart showing establishment of a security policy
draft through use of a security policy draft establishment apparatus;

[0269] FIG. 6 is a listing of types representing job specifications;

[0270] FIG. 7 is a block diagram showing the configuration of an analyzer;

[0271] FIG. 8 is a block diagram showing the configuration of a security
policy draft preparation apparatus according to a second embodiment of
the present invention;

[0272] FIG. 9 is a block diagram showing the configuration of a security
policy draft preparation apparatus according to a third embodiment of the
present invention;

[0273] FIG. 10 is a block diagram showing the configuration of a security
policy draft preparation apparatus according to a fourth embodiment of
the present invention;

[0274] FIG. 11 is a block diagram showing the configuration of a security
policy draft preparation apparatus according to a fifth embodiment of the
present invention;

[0275] FIG. 12 is a block diagram showing the configuration of a security
policy rigorousness adjustment apparatus according to the fifth
embodiment of the present invention;

[0276] FIG. 13 is a flowchart showing operation of the security policy
rigorousness adjustment apparatus according to the fifth embodiment;

[0277] FIG. 14 is a block diagram showing the configuration of a security
policy draft preparation apparatus according to a sixth embodiment of the
present invention; and

[0278] FIG. 15 is a descriptive view showing a computer and a hard disk
drive provided therein according to an seventh embodiment.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

[0279] A preferred embodiment of the present invention will now be
described hereinbelow by reference to the accompanying drawings.

[0280] First Embodiment

[0281] There will be described a business model concerning a round of
operations from establishment of a security policy of a certain
organization to maintenance of the security policy. Preferably, the
business model is implemented by a system engineer through use of a
predetermined expert system.

[0282] The principle of the business model according to a first embodiment
of the present invention will first be described. FIG. 1 shows a
flowchart representing the principle of such a business model. As
illustrated by the drawing, the business model according to the present
invention is basically made up of the following six steps.

[0283] Step 1: Assessment of security maturity

[0284] Step 2: Preparation of a security policy draft

[0285] Step 3: System, and inspection and analysis of the system

[0286] Step 4: Coordination between a policy and rules

[0287] Step 5: Priority Planning

[0288] Step 6: Implementation of measures to enhance security.

[0289] According to the security establishment method consisting of six
steps, an interview-based security policy draft is first established. If
necessary, the security policy draft is re-adjusted so as to reflect the
reality of an organization. Since the security policy is completed
stepwise, the security policy can be established in accordance with the
schedule or budget of an organization.

[0290] Step 1 is for evaluating the current state of information security
of an organization. Through assessment of information security, the
organization can ascertain the goal to be attained in respect of
manager's concept.

[0291] Step 2 is for preparing an elementary security policy draft by
means of submitting inquiries to members of the organization. The
security policy draft is prepared by means of simple interview, and hence
a security policy can be prepared at relatively low cost.

[0292] Step 3 is for reviewing a difference between the virtually
constructed information system and the reality of the organization. Since
the virtually constructed information system is prepared on the basis of
mere answers to the inquiries, a difference may arise between the
virtually constructed information system and the reality of the
organization.

[0293] Step 4 is for adjusting, in accordance with a difference, a
security policy or rules about security products which have already been
introduced.

[0294] Step 5 is for establishing a future information security plan,
taking into consideration precedence in adopting means or measures.

[0295] Step 6 is for performing required security protection measures
according to the information security plan.

[0296] Since the security policy is established stepwise as mentioned
above, a security policy can be established in accordance with realities
of each organization; that is, the budget or concept of each
organization.

[0297] For instance, it depends on the company's way of thinking or budget
that a security policy draft is sufficient or not. Priority planning
makes a future plan specific, and hence there will be yielded an
advantage of easy development of a budget for the organization.

[0298] The dominant steps of the business model according to the present
embodiment reside particularly in steps 2 through 4. In step 2, an
elementary security policy draft is prepared. In step 3, a difference
between the security policy draft and the realities of an organization is
analyzed. In step 4, a security policy or rules for security products
which have already been introduced are adjusted. So long as a business
model includes at least steps 2 through 4, the business model enables
systematic establishment of a security policy. Such a business model
enables an increase in productivity and quality relative to a
conventional method based on experience and intuition.

[0299] In order to implement such stepwise establishment of a security
policy, various expert systems are used in the first embodiment.

[0300] Steps 1 through 6 will now be described individually, including a
method of using expert systems.

[0301] A. Step 1: Assessment of Security Maturity

[0302] In this step, maturity of current information security of an
organization is objectively assessed. Through such an appraisal, the
organization can be rated in terms of security. More specifically,
assessment of information security is performed by means of preparing the
security maturity appraisal report.

[0303] In the first embodiment, security maturity is assessed on the basis
of a Software Capability Maturity Model developed by Carnegie Mellon
University in the U.S. According to this model, security maturity is
quantitatively assessed with regard to five headings. In other words,
scores are assigned for each of the five headings.

[0310] Here, an unexpected disaster mean an event which threatens
information security; for example, a wiretapping activity or faulty
operation of equipment. Entry "c"; i.e., response to unexpected disaster,
represents whether or not the organization can address unexpected
disaster. Entry "d"; i.e., budgeting for security, represents whether or
not a sufficient budget is ensured for information security. Entry "e";
i.e., measures to improve security, represents the extent to which a
schedule or plan for security improvement is made.

[0311] In the first embodiment, a maturity assessment report is prepared
with regard to the above-described five headings, and includes scores. By
means of such a report, the objective estimation of manager's
understanding for information system security of an organization can be
ascertained.

[0312] A specific method of preparing the security maturity assessment
report will now be described.

[0313] In the first embodiment, inquiries are submitted to the
organization's manager(CEO, president, etc . . . ) and an maturity
assessment report is prepared on the basis of answers to the inquiries.
More specifically, an appraisal device 10 shown in FIG. 2 performs
preparation of inquiries, collection of answers, and preparation of the
security maturity assessment report. FIG. 3 shows a flowchart
representing operations for preparing the security maturity assessment
report. The flowchart shown in FIG. 3 shows, in more detail, processing
pertaining to step S1-1 shown in FIG. 1.

[0314] As shown in FIG. 2, the appraisal device 10 has inquiry preparation
means 12 for preparing inquiries to be submitted to managers to be
inquired.

[0315] A variety of inquiries are stored beforehand in the storage means
14, and the inquiry preparation means 12 extracts inquiries required for
a member to be inquired.

[0316] The appraisal device 10 has answer archival storage means 16.
Answers submitted by managers in response to inquiries which have been
prepared in the manner as mentioned above are supplied to the answer
archival storage means 16. The answer archival storage means 16 preserves
answers in the storage means 14.

[0317] The first embodiment is also characterized in that the answer
archival storage means 16 has an answer integration function. In a case
where inquiries are submitted by a plurality of systems engineers,
answers to the inquiries are collectively stored in the storage means 14
according to the answer integration function. In a case where a large
number of managers are to be inquired, answers can be immediately
acquired by means of a plurality of systems engineers sharing the load of
submitting inquiries to the managers through interview. In such a case,
the resultant answers are accumulated in a plurality of computers.
Therefore, these answers must be integrated into a single database.

[0318] As a matter of course, the answer integration function can be
utilized for integrating answers submitted by a single manager to be
inquired as a result of inquiries having been submitted to the manager
and answers having been acquired from the manager on several occasions,
for reasons that submitting inquiries to the manager and receiving
answers to the inquires from the member could not be performed on a
single occasion.

[0319] The appraisal device 10 has security maturity preparation means 18,
which prepares the security maturity report, or an assessment report
about information security of an organization, on the basis of the group
of answers stored in the storage means 14.

[0320] This appraisal device 10 is a so-called expert system.

[0321] There is employed the appraisal device 10 having the function of
integrating collected answers. Consequently, the security maturity
assessment report can be prepared efficiently and precisely.

[0322] By reference to the flowchart shown in FIG. 3, there will be
described an operation for preparing the security maturity assessment
report.

[0323] In step S3-1, inquiries to be submitted to the member are prepared
by the inquiry preparation means 12.

[0324] In step S3-2, a systems engineer submits the thus-prepared
inquiries to the manager.

[0325] In step S3-3, answers to the inquiries are acquired from the
manager and delivered to the answer archival storage means 16 of the
appraisal device 10. As set forth, the answer archival storage means 16
has the answer integration function and sends the answers to the storage
means 14 after having integrated them into a single database.

[0326] In step S3-4, the security maturity report preparation means 18
prepares the security maturity assessment report including scores
assigned to five respective headings, on the basis of the group of
answers stored in the storage means 14.

[0327] As mentioned above, the security maturity assessment report is
prepared through use of the appraisal device 10.

[0328] Comparison between Industry Standard and Scores Described in
Security maturity Assessment Report

[0329] As mentioned previously, scores (points) are assigned to five
respective headings described in the security maturity assessment report.

[0330] The first embodiment is characterized particularly in that an
average of scores assigned to all the organizations and the highest score
in an industry to which the organization pertains are displayed along
with a score assigned to the security maturity assessment report. Here,
the expression "highest score" is the top score (a theoretical value)
which can be attained by any organization belonging to the industry.

[0331] As a result, the ranking of efforts made by the organization for
ensuring information security in the industry can be readily ascertained.
Such a mean value and the maximum value in an individual industry are
stored in the storage means 14 beforehand. Further, an average value is
updated periodically.

[0332] Report on the Progress of Implementation of Security Measures

[0333] In the first embodiment, the security maturity assessment report is
prepared to the manager's understanding for information security of an
organization is investigated prior to establishment of a security policy.
However, so long as the security maturity report is prepared during the
course of sequential implementation of measures for information security,
the progress of implementing measures for information security can be
ascertained. Accordingly, a step of preparing the security maturity
report also serves as a step of reporting the progress of implementation
of security.

[0334] In the appraisal device 10 according to the first embodiment, all
the inquiries and corresponding answers are stored in the storage means
14. However, it may be the case that inquiries are stored in one storage
means and answers are stored in another storage means.

[0335] B. Step 2: Preparation of Security Policy Draft

[0336] In this step, a simple security policy draft of an organization is
prepared. The draft corresponds to a security policy based on answers are
submitted by members of the organization in response to inquiries. Since
an actual information system of the organization has not yet been
investigated, a security policy cannot be established immediately.

[0337] Various basic headings and contents used for establishing a
standard security policy have already been known as international
guidelines. These guidelines are hereinafter called global guidelines. In
the present embodiment, a security policy draft is prepared by means of
extracting principles from the global guidelines and combining the
thus-extracted principles, as required.

[0338] In the first embodiment, a security policy draft preparation
apparatus 20 is used for preparing a security policy draft. FIG. 4 is a
block diagram showing the configuration of the security policy draft
preparation apparatus 20.

[0339] As shown in FIG. 4, the security policy draft preparation apparatus
20 has inquiry preparation means 22 for preparing inquiries to be
submitted to an member to be inquired, in accordance with job
specifications of the member to be inquired. Inquiries are changed in
accordance with job specifications of a member to be inquired for
acquiring useful answers, as determined by the inquiry preparation means
12 of the appraisal device 10.

[0340] A variety of inquiries are stored beforehand in storage means 24
provided in the security policy draft preparation apparatus 20, as in the
case of the storage means 14 shown in FIG. 2. The inquiry preparation
means 22 extracts appropriate inquiries from the storage means 24 in
accordance with job specifications of a member.

[0344] (1) A plurality of systems engineers separately conduct interviews
with individual members and collect the resultant answers. For instance,
if a plurality of systems engineers conduct an interview with a single
member, the resultant answers are integrated into a single database. More
specifically, a series of inquiries of the same type are submitted to a
plurality of members, and the resultant answers are integrated into a
single database.

[0345] (2) There may be a case where a single inquiry is submitted to
different members through interviews. In such a case, a contradiction may
arise in answers. There are two measures to eliminate the contradiction.
A first measure is a re-interview. In the event that respondents have
submitted incorrect answers with regard to the contradiction, it is
thought that such a contradiction can be resolved by means of conducting
a re-interview or inspection (or both). A second measure is to determine
answers by means of assigning weights to answers in accordance with the
types (job specifications) of the members.

[0346] In the present embodiment, the user can freely select either the
first measure or the second measure.

[0347] The security policy draft preparation apparatus 20 has draft
preparation means 28 for preparing a security policy draft. The draft
preparation means 28 prepares a security policy on the basis of the group
of answers stored in the storage means 24.

[0348] The security policy draft preparation apparatus 20 is a so-called
expert system, as is the appraisal device 10. In fact, the
previously-described individual means are preferably embodied as software
which is executed on a computer.

[0349] By reference to a flowchart shown in FIG. 5, there will be
described an operation for preparing a security policy draft. FIG. 5
shows a flowchart representing an operation for preparing a security
policy draft through use of the security policy draft preparation
apparatus 20.

[0350] In step S5-1, job specifications of members who are to be inquired
are supplied to the inquiry preparation means 22, and inquiries are
submitted to the members.

[0351] As set forth, in the first embodiment, inquiries to be prepared are
determined in accordance with job specifications of the members.
Consequently, appropriate inquiries to be submitted to members to be
inquired can be prepared.

[0352] A so-called course of inquiries is determined in accordance with
job specifications of a member. Actual inquiries to be submitted in each
course are changed in response to an answer submitted by a member. For
example, if in response to an inquiry about use of VPN a member has
answered that VPN is not used, detailed inquiries about VPN are skipped.
In contrast, if the member has answered that VPN is used, detailed
inquiries about VPN are submitted to the member.

[0353] Such a control operation is implemented by utilization of, a
so-called knowledge-based expert system.

[0354] In step S5-2, the thus-prepared inquiries are submitted to members.

[0355] In step S5-3, answers to the inquiries are submitted by the
members, and the answers are entered to the answer archival storage means
26 of the security policy draft preparation apparatus 20. Preferably, the
answers are entered by the interviewers. As a matter of course, there may
be employed a form in which individual members answer inquiries by way of
a screen of the policy draft preparation apparatus 20. The answer
archival storage means 26 has an answer integration function, as
mentioned above, and integrates answers acquired by a plurality of
interviewers into a single database and stores the single database into
the storage means 24.

[0356] In step S5-4, on the basis of the group of answers stored in the
storage means 24, the draft preparation means 28 prepares a security
policy draft by combination of various principles extracted from the
global guidelines.

[0357] As set forth, a security policy draft is prepared through use of
the security policy draft preparation apparatus 20.

[0358] In the first embodiment, there are prepared three levels of (drafts
of) security policy: that is, an executive-level security policy (draft),
a corporate-level security policy (draft), and a product-level security
policy (draft). These three levels of security policy drafts will be
described later in section B-5.

[0359] B-1: Inquiries (for an interview)

[0360] Inquiries (often called an "interview") will be described
hereinbelow.

[0361] Headings of an interview are as follows:

[0362] 1. Organization

[0363] 2. Network

[0364] 3. Server and host

[0365] 4. Application and database

[0366] 5. Security items of great importance

[0367] 6. Other security Items

[0368] Individual headings will now be described.

[0369] (1) Organization

[0370] In connection with heading "organization" an interview is conducted
for the outline and system of an "organization". From answers to the
inquiries, there can be derived an information security administration
system, policy principles, and analysis of vulnerability (analysis of
differences).

[0371] Heading "organization" is followed by the following sub-headings.

[0372] 1.1 Management system

[0373] 1.2 Employees

[0374] 1.3 Outline of enterprise

[0375] 1.4 Venders

[0376] 1.5 Clients

[0377] 1.6 Consultants

[0378] 1.7 Outsourcing

[0379] 1.8 Application

[0380] 1.9 Network

[0381] 1.10 Security profile

[0382] 1.11 Business category

[0383] 1.12 Organization policy

[0384] Inquiry headings may change according to job specifications. For
instance, inquiry heading "host" is not provided for a chief executive
officer. Thus, the present embodiment is characterized in that inquiries
change according to job specifications. Thus, inquiries tailored to job
specifications can be submitted to a member, thus enabling efficient
conduct of an interview.

[0385] (2) Network

[0386] In connection with heading "network," inquiries about the outline,
operation, and settings of a network are submitted through an interview.
From answers to these inquiries, there can be derived the vulnerability
of the network, a corporate-level policy pertaining to the network, or
the like.

[0387] Heading "network" is followed by the following sub-headings.

[0388] 2.1 Operation environment

[0389] 2.2 Network properties

[0390] 2.3 Authentication and identification

[0391] 2.4 Audit and logs

[0392] 2.5 Access control

[0393] 2.6 Modification procedures

[0394] 2.7 Disaster recovery

[0395] 2.8 Operation reliability

[0396] 2.9 Physical security

[0397] 2.10 Modem

[0398] 2.11 Workstation security

[0399] (3) Server and Host

[0400] In connection with heading "server and host," inquiries about the
outline, operation, and settings of a host are submitted through an
interview. From answers to the inquiries, there are derived the weakness
of a host and a corporate-level policy pertaining to a host and a server.

[0401] Heading "server and host" is followed by the following
sub-headings.

[0402] 3.1 Properties of server and host

[0403] 3.2 Authentication and identification

[0404] 3.3 Audit and logs

[0405] 3.4 Access control

[0406] 3.5 Modification procedures

[0407] 3.6 Disaster recovery and back-up

[0408] 3.7 Operation reliability

[0409] 3.8 Physical security

[0410] (4) Application and database

[0411] In connection with heading "application and database," inquiries
about the outline, operation, and settings of an application are
submitted through an interview. From answers to the inquiries, there are
derived the vulnerability of an application and a corporate-level policy
pertaining to an application.

[0412] Heading "application and database" is followed by the following
sub-headings.

[0413] 4.1 Properties of application and database

[0414] 4.2 Authentication and identification

[0415] 4.3 Audit and logs

[0416] 4.4 Access control

[0417] 4.5 Modification procedures

[0418] 4.6 Disaster recovery and back-up

[0419] 4.7 Operation reliability

[0420] 4.8 Physical security

[0421] (5) Security items of great importance

[0422] In connection with heading "security items of great importance"
inquiries about information usually required for establishing a firewall
are submitted through an interview. From answers to the inquiries, there
are derived a corporate-level policy and a product-level policy.

[0423] Heading "security items of great importance" is followed by the
following sub-headings.

[0424] 5.1 Management of firewall

[0425] 5.2 Packet filtering

[0426] 5.3 NAT (network address transfer)

[0427] 5.4 SMTP content filtering

[0428] 5.5 FTP content filtering

[0429] 5.6 HTTP content filtering

[0430] 5.7 Logs and alert

[0431] (6) Other Security Items

[0432] In connection with heading "other security items" inquiries about
information usually required for establishing VPN are submitted through
an interview. From answers to the inquiries, there are derived a
corporate-level policy and a product-level policy.

[0433] Heading "other security items" is followed by the following
sub-headings.

[0434] 6.1 VPN properties

[0435] 6.2 VPN management

[0436] 6.3 Key delivery

[0437] 6.4 Logs and audit

[0438] B-2 Interview Style

[0439] Contents of an interview are as set forth, and the interview is
conducted in any of various forms, such as a description form or a
multiple-choice.

[0440] B-3 Interviewee

[0441] The security policy draft preparation apparatus 20 according to the
first embodiment changes inquiries according to a member who is an
interviewee. In short, inquiries are controlled according to job
specifications of an interviewee.

[0442] Consequently, appropriate inquiries to be submitted to an
interviewee can be prepared.

[0443] In more detail, a so-called course of inquiries is determined in
accordance with job specifications of a member. Inquiries to be submitted
in each course are changed in response to an answer submitted by a
member. For example, if in response to an inquiry about use of VPN a
member has answered that VPN is not used, detailed inquiries about VPN
are skipped. In contrast, if the member has answered that VPN is used,
detailed inquiries about VPN are submitted to the member.

[0444] Such a control operation is implemented by utilization of a
so-called knowledge-based expert system.

[0445] Prior to conduct of an actual interview, job specifications of an
interviewee must be entered into the security policy preparation
apparatus 20. More specifically, data pertaining to the following entries
are input.

[0446] * Name

[0447] * Department

[0448] * Title

[0449] Postal Code

[0450] Address

[0451] Country

[0452] Phone Number

[0453] E-mail Address

[0454] *Type

[0455] Of these entries, entries prefixed by asterisks are required
entries. Here, the expression "type" denotes a symbol representing a job
specification. In the present embodiment, symbols shown in FIG. 6 are
used for expressing a job specification. Simply put, the "type" denotes a
job specification. Inquiries to be submitted are determined on the basis
of a type. A listing of types to be handled in the present embodiment is
shown in FIG. 6.

[0456] Inquiries which are actually submitted to an interviewee change
according to answers. Such control of inquiries is performed on the basis
of a knowledge-based operation. For instance, an inquiry about an
"expiration date of a password" is not submitted to members who have
answered that no expiration is imposed on a password in response to an
inquiry as to whether or not an expiration data is set for a password. In
contrast, an inquiry about an expiration date of a password may be
submitted to members who have answered that an expiration date is set for
a password.

[0457] B-4 Information Assets to be Managed

[0458] In the first embodiment, information assets for which security must
be ensured are classified into five categories; namely, network, host,
application, user group, and others. In a case where information assets
are entered into the security policy draft preparation apparatus 20
according to the present embodiment, data pertaining to the following
four entries are to be input. Here, in a case where information assets
belong to either category "host" or category "network," data pertaining
to two additional entries; i.e., "IP address" and "sub-net mask," are to
be entered.

[0459] Asset ID

[0460] *Asset type

[0461] *Name of asset

[0462] Details

[0463] Of these entries, entry "asset type" covers five types.

[0464] A application

[0465] H Host

[0466] N Network

[0467] U User group

[0468] W Others, including URL, domain names, and file names

[0469] The expression "user group" designates a logical set of users
possessing a common characteristic. For example, users who handle, amend,
analyze, and report accounting information are collectively called a
"accounting group." Each user group is formed from one user or two or
more users. The word "user" designates a human who uses information
assets.

[0470] B-5 Preparation of Security Policy Draft

[0471] A security policy is established by means of entering into the
security policy draft preparation apparatus 20 answers to the foregoing
inquiries. This device is a so-called expert system. By means of entry of
answers to inquiries into a system, the system produces and outputs a
security policy. Such a device which produces data of some kind in
response to entry of answers to inquiries has already been known as an
expert system, and hence its detailed explanation is omitted.

[0472] In the first embodiment, three levels of security policies are
produced; i.e., an executive-level security policy, a corporate-level
security policy, and a product-level security policy. Similarly, there
are prepared three levels of security policy drafts corresponding to the
respective security policies.

[0473] (1) Executive-level Security Policy

[0474] An executive-level security policy consists of descriptions of the
organization's "concept" and "policy" concerning security.

[0475] An executive-level policy includes the following items.

[0476] Access Control

[0477] An owner of information assets must manage and control the right to
access information assets. In order to implement control of the access
right, an access control mechanism of a control system used for
preserving or processing information assets must be used. Item "access
control" describes the organization's concept and policy concerning
control of the access right.

[0478] Accuracy of Information

[0479] It is extremely important to maintain the contents of information
assets accurately as it is. Because information assets is indispensable
for making business decisions. Item "accuracy of information" describes
the organization's concept and policy concerning the guarantee of
accuracy of information assets content.

[0483] All systems must enable recording and analysis of user activities,
and an individual user must have responsibility for his own acts. Item
"accountability" describes the organization's concept and policy
concerning personal responsibility of an individual user.

[0484] Identification and Verification

[0485] All users must be appropriately identified in accordance with the
security level of information assets. Items "identification and
verification" used herein describe the organization's concept and policy
concerning such identification.

[0486] Emergency Response Plan

[0487] An organization must prepare a detailed plan and procedures for
ensuring appropriate response to obstacle in a system and a network. Item
"emergency response plan" describes the organization's concept and policy
concerning a plan and procedures for response to an emergency.

[0488] Awareness of Security

[0489] Top executives and other employees must become conscious of
requirements for the organization's information security, as well as of
their personal responsibility. Item "awareness of security" describes the
organization's concept and policy concerning personal responsibility.

[0490] Categorization of Information

[0491] Information security is for protecting information assets. For this
reason, information assets which are objects of protection must be
categorized and appropriately protected according to categories. Item
"categorization of information" describes the organization's concept and
policy concerning information assets.

[0492] Vocational Ethics

[0493] A user must obey the determined rule for action and handle
information assets ethically. In the event a user handles information
assets without ethic, breaks a law and rule, or handles information
assets for his private benefit, the user will be subjected to sanction.
In short, the user must be conscious that he may be subjected to
sanction. Item "vocational ethics" describes the organization's concept
and policy concerning the rule for action a user must obey.

[0494] Document Management

[0495] All security systems must be appropriately recorded in documents
and referred according to necessity. Item "document management" describes
the organization's concept and policy concerning documentation.

[0496] Investigation

[0497] In the event of obstacle or violation, the organization must
investigate the obstacle and violation and records their details in
documents according to security policy. Item "investigation" describes
the organization's concept and policy concerning investigation and
documentation of obstacle and violation.

[0498] Privacy

[0499] Information assets is to be used on the precondition that the
privacy of concerned members is guaranteed. Item "privacy" describes the
organization's concept and policy concerning privacy.

[0500] Risk Management

[0501] An owner of information assets must evaluate potential risks and
take appropriate measures to control and protect information. Item "risk
management" describes the organization's concept and policy concerning
evaluation of risks and measures to control and protect information.

[0509] With regard to information assets of an organization, descriptions
of the executive-level policy are applied to a corporate-level policy.
The corporate-level policy corresponds to descriptions of "operating
procedures." The corporate-level policy is applied to each operating unit
of the organization. Operating units are formed by means of dividing
constituent elements of an information system into groups according to
function. For example, a network, a host, and an application are
operating units.

[0511] The corporate-level security policy describes standards for the
information security system of the overall organization; and standards
for individual equipment constituting the information security system of
the organization.

[0512] At first, the corporate-level security policy is a policy
concerning all operating units which constitute the organization. For
example, regulations are described for each operating unit.

[0519] Secondary, the corporate-level security policy describes individual
units into which the operating units are further sub-divided. For
example, the corporate-level security policy comprises descriptions
pertaining to the following items.

[0520] Software Management

[0521] Item "software management" describes regulations with regard to use
of software in the organization and management of software licenses.

[0535] Item "host" describes regulations with regard to implementation of
individual hosts used in the organization.

[0536] Application

[0537] Item "application" describes regulations with regard to individual
applications used in the organization.

[0538] (3) Product-level Policy

[0539] A product-level policy describes specific "operating procedure
including methods" to be used for protecting information assets and the
nature of resources (security products and operating systems) and
settings thereof. The executive-level policy describes a policy and
management rules, whereas the product-level policy refers to details of
hardware and software. On the basis of the "principles" provided by the
executive-level policy and the "specifications" provided by the
corporate-level policy, there is provided a specific "method" for
embodying protection of information assets. Hence, the product-level
policy includes descriptions regarding implementation of specific
technology.

[0540] The product-level policy includes descriptions about software and
hardware, as well as specific rules for operating software and hardware.

[0541] For reasons of actual job performance, there may be a case where
products to be used are changed. And alternate equipment maybe used for
reasons of equipment failure. Liability for such circumstances or product
standards is left to the "principles" stipulated in the executive-level
policy or to the "regulations" stipulated in the corporate-level policy.
In other words, the executive-level policy or the corporate-level policy
must sufficiently specify measures against these circumstances.

[0542] So to speak, the previously-described executive-level policy states
the principle; for example, a rule about a necessity for revoking an
access right after completion of a job requiring the access right.

[0543] The corporate-level policy states specific rules; for example, a
rule about a necessity for controlling access by means of an operating
system.

[0544] In contrast, the product-level policy stipulates specific means;
for example, a stipulation stating that "Access control rule for server A
is only a member who has an authorization greater or equal to Chief of
Section in department B can access the Server A."

[0545] Other example is "Administrator X controls an access to server A. A
member who requires access to server A for business must request
administrator X to issue an access right. After completion of the job,
the member immediately requests administrator X to revoke the access
right."

[0546] In the present embodiment, there are two product-level policies.

[0547] A first-level product policy describes settings of individual
equipment constituting the information security system in natural
language, as are the executive-level policy and the corporate-level
policy. The foregoing examples belong to the first-level product-level
policy.

[0548] A second-level product policy describes settings of individual
equipment constituting the information security system in specific
language used in specific equipment. In other words, a second-level
product policy is a script file stating settings of specific systems.
More specifically, the second-level product-level policy describes a
setting script file of an individual system (including both hardware and
software). Therefore, the second-level product-level policy can be used
for setting a system, in its present form. In the present embodiment, a
specific script file of an individual system is prepared as a
product-level security policy. Accordingly, there are yielded an
advantage of alleviating labor required for actually setting firewalls or
routers.

[0549] Next, there is examined and analyzed a difference existing between
the thus-prepared security policy draft, realities of an information
system, and a method of operating the information system. Inspection and
analysis to be performed are made up of the following.

[0550] A security policy draft is prepared on the basis of inquiries and
answers thereto. In this process, variations or contradiction between
answers may arise. Moreover, answers are not necessarily correct.

[0551] For these reasons, the following operations are performed during
inspection and analysis.

[0552] First, answers are examined as to whether or not contradiction
arises among a plurality of answers. Further, there is performed a
comparison between the security policy draft and an information system
depicted from answers acquired by means of interviews. A comparison is
made between the security policy draft and the actual information system
which has been verified through inspection, thereby detecting a
difference.

[0553] An information system is actually inspected through use of an
analyzer, which is an expert system. FIG. 7 is a block diagram showing
the configuration of an analyzer 30. As can be seen from the drawing, the
analyzer 30 has contradiction inspection means 32 for inspecting whether
or not contradiction arises in a group of answers. An inspection result
is supplied to contradiction output means 40.

[0554] The contradiction output means 40 outputs the inspection result to
the outside in the form of an interview result contradiction report.

[0555] Contents of the interview result contradiction report are supplied
to matching means 41. In a case where a contradiction between answers is
found, the matching means 41 performs the operation that the user selects
from the two operations provided below.

[0556] (1) On the basis of job specifications of the members, the most
probable answer is estimated and displayed before the user. The User can
adopt the estimated probable answer.

[0557] (2) An interview is conducted again with regard to a contradiction,
or realities of the information system are actually investigated.
Alternatively, both conduct of a re-interview and actual inspection of an
information system are desirably performed.

[0558] Matched results (i.e., answers obtained as a result) of the
interview are supplied to a virtual information system establishment
means 34.

[0559] On the basis of a group of matched answers, the virtual information
system establishment means 34 virtually establishes an information system
for the organization. The configuration and operation of the information
system established by the virtual information system establishment means
34 are supplied to difference output means 38.

[0560] The analyzer 30 has real system input means 36 for entering the
configuration and operation of an actual information system of the
organization. The configuration and operation of a real system entered by
way of the real system input means 38 are supplied to the difference
output means 38.

[0561] As mentioned above, the virtual information system is established
on the basis of only interview results. Therefore, so long as the virtual
information system which has been verified through use of an actual
information system is compared with a security policy draft, points of
the actual information system which are to be amended can be ascertained
more clearly.

[0562] The more accurate an actual inspection conducted for the purpose of
verification, the more preferable an inspection result. Investigation of
the entire information system consumes much time and effort and makes
interviews meaningless.

[0563] For these reasons, investigation of an actual information system is
performed as a supplement to the answers obtained through the interviews.
An efficient way of attaining this is to verify the virtual information
system and analyze a difference between the thus-verified information
system and the security policy.

[0564] For example, emphasizing investigation of a contradiction between
answers is preferable. An alternative is emphasizing investigation of an
inquiry for which a member (i.e., interviewee) could not answer due to
forgetfulness.

[0565] The extent to which an investigation is to be performed should be
determined on the basis of a required accuracy, time limit, and costs.
The thus-determined difference is output as an analysis report.

[0566] Further, a security policy draft is supplied to the difference
output means 38. By means of the foregoing configuration, the difference
output means 38 performs the following two comparison operations, thereby
detecting and outputting respective differences.

[0567] (1) Analysis of a difference between a security policy draft and
the result of an interview.

[0568] (2) Analysis of a difference between a security policy and an
interview result which has been verified by means of actual inspection.

[0569] Through analysis of a difference stated in (1), a security policy
draft is compared with the information system established by the virtual
information system establishment means 34. Both the security policy draft
and the information system are prepared on the basis of results (answers
obtained as a result) of interviews conducted with the members.
Therefore, it is possible that no substantial difference is found as a
result of comparison.

[0570] For example, it will be possible that answers to interviews state
that "a password is unlimitedly valid". But, the security policy is not
allowed to make a password unlimitedly valid. Expiration of a password is
a fundamental requirement of the security policy. A security policy
without such a requirement does not merit being called a security policy.

[0571] For this reason, a difference can exist between a security policy
draft and interview results. A detected difference is output as an
analysis report.

[0572] By means of this analysis report, portions of interview results
which are to be amended in terms of security policy can be found.

[0573] During analysis of a difference stated in (2), a security policy
draft is compared with the established virtual information system which
has been verified by means of actual inspection.

[0574] Either comparison (1) or (2) or both may be performed. Preferably,
if an insufficient result is obtained as a result of implementation of
comparison (1), comparison (2) is performed.

[0575] Preferably, higher-priority portions are subjected to actual
inspection, in consideration of the priority determined as a result of
step 2 (S1-2 in FIG. 1) inspection and analysis to be described later.

[0577] In step S5-5, an inspection is performed as to whether or not
answers include only contradiction, through use of the contradiction
inspection means 32. In step S5-6, an inspection is performed as to
whether or not a difference exists between a security policy draft and
interview results, through use of the difference output means 38. Here,
the interview results comprise a virtual information system established
on the basis of answers to interviews and the virtual information system
which has been verified by means of actual inspection of a real
information system.

[0578] As mentioned above, according to the present embodiment, since the
analyzer 30 shown in FIG. 7 is employed, the user can immediately become
aware of whether or not answers include a contradiction or whether or not
a difference exists between answers and a real information system.

[0579] Here, the analyzer 30 is a so-called expert system. Further, the
previously-described means are preferably implemented by software which
runs on a computer.

[0580] C. Step 3: System, and Actual Inspection and Analysis of operation
of the System

[0581] Actual Inspection and Analysis

[0582] Through actual inspection and analysis, a difference obtained in
step S1-2 (FIG. 1) actual inspection and analysis is classified into one
of three categories; that is, a difference in member assignment, a
difference in operating method, and a difference in technical measures.
For each of the three types of difference, countermeasures and priority
are analyzed.

[0583] Example measures for a case where a difference in network policies
and the priority of the measures will be described.

[0584] (1) Difference 1

[0585] Type of Difference: Difference in personnel assignment Details: The
network policy states that an administrator of each network segment is to
be clearly designated. However, network segment administrators are not
clearly designated in a real information system.

[0590] Details: The network policy states that if a password to be used
for user authentication in a network has not been used for a long period
of time, the password should be deleted. However, the real information
system has no system for deleting such a password.

[0591] Measures: Establish a system for deleting a password assigned to a
user account which has not been used for 30 days.

[0592] Priority: High

[0593] As mentioned above, the first embodiment facilitates devising of
measures for eliminating a difference between answers given in interviews
and the real information system. Accordingly, a discrepancy between a
security policy and the real information system is easily eliminated.

[0594] D Step 4: Adjustment of Policy and Rules

[0595] In step 3, the discrepancy between the real information system and
the security policy draft is clarified, and measures for eliminating the
discrepancy and the priority of the measures are also made clear. In step
4, measures and actual work are examined.

[0596] Measures are roughly classified into two categories.

[0597] (1) Adjust the security policy draft so as to match the real
information system.

[0598] (2) Adjust operation rules of the real information system.

[0599] These measures will now be described in detail.

[0600] D-1 Adjustment of Security Policy Draft

[0601] As has been described, the security policy draft is called a set of
global guidelines. The security policy draft is prepared by means of
appropriate combination of basic items and contents for establishing a
standard security policy. Several types of global guidelines have already
been known. In the first embodiment, rules and policies are extracted
from the global guidelines, as required, and a security policy is drafted
by use of the thus-extracted rules and polices in combination. In the
drafting phase, the most rigorous global guide line is selected from
several types of global guideline, and the thus-selected guideline is
taken into a security policy draft.

[0602] Thus, in terms of severity of a rule, global guide lines differ
from each other according to type. For example, a certain global guide
line defines a password as being valid for 60 days, whereas another
global guideline defines a password as being valid 180 days.

[0603] In the drafting phase, individual rules are defined so as to comply
with the most rigorous requirements. Some of organizations may consider
that rules of a security policy draft are unacceptably rigorous. In such
a case, the rules are preferably changed to less rigorous rules.

[0604] In a case where a rule for defining a single password as being
valid for 60 days is considered to be unacceptably rigorous, the duration
of validation of a password is changed to 180 days after discussions with
the organization. Thus, a rigorous rule is changed to a less rigorous
rule.

[0605] In this way, so long as the severity of each rule is changed in
consideration of the result of comparison organization's intent and
rigorousness of the rule, a security policy matching a real information
system can be established.

[0606] A security policy draft is adjusted in the manner as mentioned
above.

[0607] D-2 Adjustment of Rules

[0608] On the basis of the measures described in connection with level-2
inspection and analysis, operation rules of the real information system
are adjusted. Adjustment of rules means modifications to an operating
method and modifications to rule settings of a security system (e.g., a
firewall).

[0609] E Step 5: Priority Planning

[0610] Establishment of a security policy for the real information system
of an organization is completed by step 4.

[0611] Security measures must be sequentially performed in accordance with
the thus-established security policy. In step 5, measures are examined in
consideration of priority and are described in a list. Preparation of
such a list enables planning of future security measures, and a budget
can also be examined on the basis of the plan. Without such a list,
forecasting costs for future information security would be difficult,
thus imposing difficulty in drawing up a budget.

[0612] Security measures include training for compelling members to
respect a security policy and analysis of system logs as well as
introduction and testing of a security system.

[0613] A security policy includes monitoring of a network, auditing of
operations on the basis of a security policy, and review of a security
policy.

[0614] There may be a case where a security policy must be modified in
accordance with a change in the organization's information system or a
change in the operation of an information system. For this reason, the
security policy must be reviewed periodically.

[0615] F Step 6: Implementation of Security Enhancement Measures

[0616] On the basis of the security measures list which has been prepared
in step 5 in consideration of priority, security enhancement measures are
actually implemented. Security enhancement measures can be smoothly
implemented in accordance with the list and the security policy.

[0617] In the first embodiment, processing from establishment of a
security policy to maintenance thereof is performed in six steps.
Therefore, a security policy can be established and implemented stepwise
and can be implemented in consideration of organization's desires.

[0618] Second Embodiment (Consideration of field of business)

[0619] The first embodiment has described an example in which inquiries
are changed in accordance with job specifications of members belonging to
an organization. However, no particular consideration is paid to the
field of business of an organization.

[0620] For instance, a security policy to be established in an
organization in the financial industry differs from that to be
established in an organization in the manufacturing industry.

[0621] For this reason, in the second embodiment, establishment of a
security policy in consideration of the field of business of an
organization is put forward.

[0622] The security policy draft preparation apparatus 20 shown in FIG. 4
changes inquiries in accordance with job specifications of a member. In
addition to changes in inquiries, in the second embodiment there will be
described a case in which inquiries are changed in accordance with the
field of business of an organization.

[0623] FIG. 9 is a block diagram showing the configuration of a security
policy draft establishment device 120 according to a second embodiment of
the present invention.

[0625] One of differences between the security policy draft establishment
devices 20 and 120 lies in that the security policy draft establishment
device 120 has inquiry preparation means 122 for preparing inquiries on
the basis of the field of business of an organization to which members to
be interviewed belong.

[0626] Inquiries which vary according to field of business are stored in
storage means 124 before hand. On the basis of an entered field of
business, the inquiry preparation means 122 reads from the storage means
124 inquiries corresponding to the field of business.

[0628] This configuration enables establishment of a more elaborate
security policy by means of preparing inquiries corresponding to the
field of business of the organization.

[0629] For instance, an inquiry stating "How is a depositor list managed?"
is to be prepared for an organization pertaining to the financial
industry. However, generation of this inquiry for an organization
belonging to the manufacturing industry is meaningless. Conversely, an
inquiry stating "How is progression data pertaining to each manufacturing
lot managed?" is to be prepared for an organization belonging to the
manufacturing industry. However, generation of this inquiry for an
organization belonging to the financial industry is meaningless.

[0630] Consequently, in the second embodiment, inquiries are changed
according to the field of business of an organization, and more detailed
inquiries can be made, so that details of an organization's information
system (including operation and management of the system) can be
ascertained more thoroughly.

[0631] Here, a change in inquiries means a change in a course of
inquiries, as in the case of job specifications. More specifically, a
course including inquiries aimed at the financial industry is applied to
an organization belonging to the financial industry. Further, a menu
including inquiries aimed at the manufacturing industry is applied to an
organization belonging to the manufacturing industry. In each course, the
next inquiry to be submitted is changed in accordance with the answer
submitted by a member in response to the preceding inquiry, as in the
case of the first embodiment.

[0632] A draft preparation means 128 shown in FIG. 9 is essentially
identical with the draft preparation means 28 shown in FIG. 4. On the
basis of answers responding to more detailed inquiries prepared by the
inquiry preparation means 122, the draft preparation means 128 prepares a
security policy draft. Consequently, as mentioned previously, a more
detailed security policy draft can be prepared.

[0633] Operation required for preparing a security policy draft according
to the second embodiment is substantially identical with that described
in the flowchart shown in FIG. 5.

[0634] A difference between the operation employed in the second
embodiment and that described in connection with the first embodiment
lies in that in step S5-1 the field of business of an organization is
supplied to the inquiry preparation means 122, as in the case of job
specifications of a member. As a result, the inquiry preparation means
122 can prepare appropriate inquiries on the basis of the job
specifications of members and the field of business of an organization.

[0635] In the second embodiment, inquiries are prepared in consideration
of the field of business of an organization. Hence, an organization's
information security system can be ascertained in more detail through an
interview. Consequently, establishment of a more detailed security policy
becomes feasible.

[0636] Although the above description has described an example in which
inquiries are changed according to the field of business of an
organization, inquiries may be changed according to the scale of an
organization.

[0637] In the above description, a change in the course of inquiries has
been taken as an example change in inquiries. However, methods of other
types can be employed. For instance, it is desirable to have determined a
basic framework of inquiry statements in advance and to change terms in
the inquiry statements in compliance with the field of business of an
organization. More specifically, there is a conceivable method in which,
although "president" is used in inquiry statements aimed at general
corporations, the term "president" is switched to "bank president" in the
case of an inquiry statement being made to a bank.

[0638] Third Embodiment (Consideration of Recommendations and Regulations
in a Specific Industry)

[0639] In the example described in connection with the first embodiment, a
security policy is established on the basis of global guidelines (step
S5-4). In many cases, global guidelines are prepared in consideration of
a specific objective. However, the global guidelines are generally
constructed so that they may be used for general purpose.

[0640] In contrast to these general-purpose global guidelines,
recommendations and regulations within a specific industry are known. In
contrast with global guidelines, the recommendations and regulations
clearly state that they are aimed at a specific industry. There are many
cases where recommendations and regulations refer to information
security, and utilization of recommendations and regulations during
establishment of a security policy as in the case of global guidelines is
desirable.

[0641] For example, Japanese FISC (The Center for Financial Industry
Information Systems) lays down safety provisions and prevalence of a
security policy for ensuring security. FISC publishes a journal titled
"Safety Provision Standards for Computer Systems in Financial
Institutions."

[0642] In a third(this) embodiment, when a security policy aimed at the
financial industry is established, there is proposed establishment of a
security policy on the basis of "Safety Provision Standards for Computer
Systems in Financial Institutions" as well as on the basis of global
guidelines. As a result, in the field of a specific industry, a security
policy for the industry is established on the basis of recommendations
and regulations focused on the industry. Hence, establishment of a more
elaborate security policy becomes feasible.

[0643] The security policy draft preparation apparatus which utilizes
recommendations and regulations aimed at a specific industry shown in
FIG. 9 in connection with the third embodiment. FIG. 9 is a block diagram
showing the configuration of a security policy draft preparation
apparatus 220 according to the third embodiment. As illustrated, the
security policy draft preparation apparatus 220 is substantially
identical in configuration with the security policy draft preparation
apparatus 120 shown in FIG. 8. The difference between them lies in that
information concerning the field of business of an organization is
supplied to draft preparation means 228 as well as to inquiry preparation
means 222. On the basis of the field of business of an organization, the
draft preparation means 228 selects global guidelines to be used for
preparing a security policy draft. The number of global guidelines to be
selected is not limited to one; there may be a case where two or more
global guidelines maybe selected. Furthermore, the construction shown in
FIG. 9 has features as follows.

[0644] First, a point of novelty of the third embodiment lies in that
recommendations and regulations which are aimed at a specific industry
and are to be displayed before the users. The users can select any
recommendations and regulations on the basis of the industry of an
organization. For example, in the field of the financial industry,
preparation of a security policy (draft) utilizing recommendations and
regulations aimed at the financial industry becomes feasible through the
foregoing operations.

[0645] Second, information concerning recommendations and regulations
aimed at a specific industry is stored in a storage means 224 in the same
manner as is information concerning global guidelines. By means of the
thus-stored information, the inquiry preparation means 222 can prepare
inquiries in compliance with the recommendations and regulations
established for the industry to which an organization pertains. In
accordance with the thus-stored information, the draft preparation means
228 enables establishment of a security policy on the basis of the
recommendations and regulations established for the industry to which an
organization pertains.

[0646] Operation required for preparing a security policy draft according
to the third embodiment is essentially identical with that described in
connection with the flowchart shown in FIG. 5. Differences are as
follows:

[0647] First, instep S5-1 the field of business of an organization is
supplied to the inquiry preparation means 222, and inquiries complying
with the recommendations and regulations aimed at the industry to which
an organization pertains are prepared. If the user didn't select the such
recommendations or regulations displayed, then inquiries are prepared on
the basis of global guidelines, as in the case of the first through
second embodiments. And, if such recommendations or regulations are not
present, inquiries are prepared on the basis of global guidelines, as in
the case of the first through second embodiments, too.

[0648] Second, instep S5-4 the field of business of an organization is
supplied also to the draft preparation means 228. The draft preparation
means 228 prepares a security policy draft in compliance with the
recommendations and regulations aimed at the industry to which the
organization pertains. If the user didn't select such recommendations or
regulations displayed, a security policy draft is prepared on the basis
of global guidelines, as in the case of the first through second
embodiments. And, if such recommendations or regulations are not present,
a security policy draft is prepared on the basis of global guidelines, as
in the case of the first through second embodiments, too.

[0649] For example, an inquiry stating "Do you have personnel responsible
for a trunk network?" is prepared in accordance with global guidelines.
However, particularly in the case of the financial industry, an inquiry
stating "Do you have personnel responsible for an ATM (automatic teller
machine) network" is prepared in accordance with the "Safety Provision
Standards for Computer Systems in Financial Institutions" set forth.

[0650] Such an inquiry is prepared by means of the technique of "changing
an inquiry according to field of business" mentioned in connection with
the second embodiment. For example, if the field of business of an
organization is the financial industry, an inquiry complying with the
"Safety Provision Standards for Computer Systems in Financial
Institutions" is prepared and used for an interview. An expert system
which prepares such an inquiry can be configured, by means of utilizing
knowledge-based information including information about the "Safety
Provision Standards for Computer Systems in Financial Institutions."

[0651] Establishment of a security policy by use of such a technique
enables establishment of a more elaborate security policy.

[0652] Overlap between Items

[0653] In connection with items which do not appear in global guidelines
and appear in only the recommendations and regulations aimed at a
specific industry, it goes without saying that a security policy is
established on the basis of the recommendations and regulations.

[0654] Conversely, in connection with items which appear in only global
guidelines and not in the recommendations and regulations aimed at a
specific industry, a security policy is established on the basis of
global guidelines, as in the case of the first embodiment.

[0655] Further, in connection with items which appear in global guidelines
and in the recommendations and regulations aimed at a specific industry,
establishment of a security policy on the basis of the recommendations
and regulations is desirable.

[0656] Fourth Embodiment (designation of Global Guidelines by User)

[0657] Establishment of a security policy based on global guidelines or
recommendations and regulations aimed at a specific industry has been
described thus far.

[0658] It is considered that a user may desire to establish a security
policy on the basis of a certain global guideline. For example, in a
certain nation (e.g., the U.S.), a specific global guideline (e.g.,
COBIT) has already been utilized as a defacto standard global guideline
(COBIT will be described later). Against this backdrop, there are many
cases where establishment of a security policy on the basis of this
specific global guideline (e.g., COBIT) is desirable.

[0659] In the fourth embodiment, there is proposed construction of a
global guideline to be utilized in establishing a security policy such
that a user can designate the global guideline explicitly.

[0660] FIG. 10 is a block diagram showing the configuration of a security
policy draft preparation apparatus 320 according to the fourth
embodiment. As illustrated, information concerning the global guideline
designated by the user is supplied to an inquiry preparation means 322
and to a draft preparation means 328.

[0661] The inquiry preparation means 322 prepares an inquiry (or
inquiries) on the basis of job specifications of a member. In the fourth
embodiment, during preparation of inquiries the inquiry preparation means
322 prepares inquiries complying with the global guideline designated by
a user.

[0662] The draft preparation means 328 prepares a security policy draft on
the basis of the global guideline prescribed by the user.

[0663] Operation required for preparing a security policy draft according
to the fourth embodiment is substantially identical with that shown in
FIG. 5 exclusive of the following points of difference.

[0664] A first difference lies in that in step S501 an inquiry complying
with the global guideline prescribed by the user is prepared.

[0665] A second difference lies in that in step S5-4 a security policy
draft complying with the global guideline prescribed by the user is
prepared.

[0666] In the fourth embodiment, a global guideline to be used for
establishing a security policy can be selected. Inquiries are prepared in
compliance with the global guideline selected by the user, and a security
policy draft is prepared on the basis of answers to the inquiries.
Consequently, establishment of a security policy complying with the
global guideline desired by the user becomes feasible.

[0667] For example, if a user has selected BS7799 to be described later, a
security policy complying with (or to comply with) BS7788 can be
established.

[0668] Global Guidelines

[0669] Examples of widely known global guidelines are provided below.

[0670] (1) BS7799

[0671] BS7799 was established by the BSI (British Standards Institution)
in 1995. BS7799 prescribes fundamental management items (control) which
summarize best practices in connection with information security.

[0672] When information assets must be protected regardless of the scale
of an organization, in connection with an administration, an NGO (Non
Governmental Organization), or an NPO (Non Profit Organization), to say
nothing of an industry, standards of BS7799 are to be used as a code and
reference of one type when the range of information security is
clarified.

[0673] Hence, the standards of BS7799 have the same objective as that of
ISO/IEC 13335 "IT security management guidelines (GMITS)" or that of
ISO/IEC 15408 "IT security evaluation standards," which will be mentioned
later. BS7799 differs from the global guidelines in the following two
points.

[0674] First, other regulations specify details of security techniques
while IT is taken as an object. In contrast, BS7799 provides
comprehensive guides and references pertaining to a management system.
Second, the object of BS7799 is not limited to an electronic medium.
Various information assets, such as paper mediums, are taken as
objectives of security.

[0675] Recently, BS7799 has gained international attention. As a matter of
course, detailed individual control of information security is important.
The reason for this is attributable to the following perception. As can
be seen in requirements for system standards laid out in ISO 9000, a
perception that a system for creating a management plan (through analysis
of risk), monitoring distribution and management of required resources,
and objectively reviewing the plan is effective for information security
management is said to have become widespread.

[0676] BS7799 is constituted of two parts; that is, a first part relating
to standards for implementing information security management, and a
second part relating to specifications of an information security system.
The first part describes best practices and provides guidelines for
providing management advice. The second part describes development of a
management framework and references for "system audit." The first part
(BS7799-1) is now adopted by ISO as ISO17799.

[0677] (2) GASSP (Generally Accepted System Security Principles) is
intended for promoting good practice and alleviating risk and influence
of risk. GASSP employs an information security policy laid down by OECD
in the form of a hierarchical model and extends details of the policy.

[0678] A policy which is in the highest hierarchical level and serves as a
basic policy is called pervasive principles and posts a target security
concept.

[0679] The policy of the next hierarchical level is called broad function
principles and states specific implementation of the pervasive
principles.

[0680] The policy of the next lower hierarchical level is called detailed
principles and describes detailed security guidelines corresponding to an
environment.

[0681] The policies describe management of privacy of an individual and
that of an organization, as well as guidelines relating to management and
products.

[0682] (3) GMITS

[0683] GMITS (The Guidelines for the Management of IT Security) is
prepared by ISO (International Organization for Standardization). The
GMITS is intended for setting standards pertaining to operation,
management, and planning of the security of information technology.

[0684] GMITS consists of five parts:

[0685] Part 1: Concepts and models for IT Security

[0686] A general description of information security is provided in Part
1.

[0687] Part 2: Managing and Planning IT Security

[0688] Part 2 describes an operation analogous to a security life cycle.

[0689] Part 3: Techniques for the Management of IT Security

[0690] Part 3 describes details of the descriptions provided in Part 2.

[0691] Part 4: Selection of Safeguard

[0692] Part 4 describes the selection of security measures on the basis of
the security rules.

[0693] Part 5: Management Guidance on Network Security

[0694] Part 5 is draft version such as preliminary revision, as far as
now.

[0695] (4) ISO/IEC 15408 is a "Collection of Requirements" into which are
compiled requirements pertaining to a security function which products or
a system using information technology is to have (i.e., functional
requirements) and requirements for seeking ascertainment of reliable
implementation of a security function during the process of proceeding
from the design phase to commercialization of a product (guarantee
requirements).

[0696] (5) COBIT

[0697] COBIT (Control Objectives for Information and Related Technology)
shows good practices of security suitable for a framework of a process
extending over a plurality of fields and provides a manageable logical
structure. The good practices are prepared on the basis of the consent of
many experts. COBIT is a global guideline designed for serving in
resolving a business risk or a gap between the necessity of control and a
technical problem.

[0698] (6) EU Instructions

[0699] Here, EU instructions are officially known as "Instructions issued
by the European Parliament and Board with regard to protection of an
individual in connection with personal data processing and to free
transfer of personal data." The EU instructions specify general rules
concerning the legitimacy of personal data processing. More specifically,
the EU instructions specify the principle of data quality, a principle on
grounds for legitimacy of data processing, information to be given to a
person whose personal data are to be processed, and the right of the
person to access his/her own data.

[0700] Fifth Embodiment (designation of rigorousness)

[0701] In the embodiments which have been described thus far, the
rigorousness of a security policy has been adjusted manually, namely by
user's operation in step S1-4 shown in FIG. 1.

[0702] However, when the rigorousness of a desired security policy has
been determined beforehand, it is desirable to reflect the desired
rigorousness on a security policy from the phase of preparation of
security policy draft in step S1-2.

[0703] In step S4-1 shown in FIG. 1, the rigorousness of each rule has
been artificially adjusted. However, if a user can define an indicator of
rigorousness, specify the rigorousness of a security policy using the
indicator, and automatically adjust the rigorousness of each rule on the
basis of the thus-prescribed rigorousness, convenience will be afforded
to the user.

[0704] The fifth embodiment is characterized in that the user can
objectively specify the rigorousness of a security policy in steps S1-2
or S1-4 shown in FIG. 1.

[0705] In order to implement designation by the user of rigorousness of a
security policy, in the sixth embodiment five types of indicators
representing the rigorousness of a security policy are defined. The
indicators are arranged in descending order of rigorousness. The "highest
level" indicator has the highest level of rigorousness, and an
"educational institution level" has the lowest level of rigorousness.

[0706] (1) Highest Level: representing the level of security rigorousness
considered to be required by a government or a military organization;

[0707] (2) Financial Level: representing the level of security
rigorousness considered to be required by a financial institution;

[0708] (3) International Level: representing the level of security
rigorousness considered to be required by international enterprises;

[0709] (4) General Level: representing the level of security rigorousness
considered to be required by domestic enterprises;

[0710] (5) Educational Institution Level: representing the level of
rigorousness considered to be required by an educational institution.

[0711] Here, examples of five levels of security rigorousness are
illustrated. As a matter of course, three levels of security
rigorousness; namely, a highest level of security rigorousness, a medium
level of security rigorousness, and a lowest level of security
rigorousness, may be adopted.

[0712] 5-A Establishment of Security Policy for which Rigorousness has
been designated

[0713] Utilization of indicators of rigorousness of a security policy in
step S1-2 (FIG. 1) will now be described. When preparing a security
policy draft in step S1-2 (FIG. 1), the user selects a desired security
rigorousness from the above-described five levels of security
rigorousness and instructs the selected level of security rigorousness to
the draft preparation apparatus 20.

[0714] By means of the indicator of rigorousness, the user extracts from
global guidelines a regulation having a desired rigorousness, thereby
enabling preparation of a security policy draft of rigorousness desired
by the user. Many of the global guidelines include indicators
representing the rigorousness of a security policy. Hence, preparation of
a security policy draft of desired rigorousness is feasible.

[0715] Extraction operation is to incorporate knowledge concerning the
rigorousness of each global guideline into knowledge-based information,
and to extract an appropriate rule from global guidelines on the basis of
an indicator prescribed by the user by utilization of the knowledge-based
information. Knowledge about rigorousness of each of global guidelines is
knowledge produced by linking the five levels of security rigorousness
with regulations corresponding to the indicators of rigorousness. Through
use of such knowledge, regulations corresponding to a given indicator of
rigorousness can be selected from the global guidelines.

[0716] FIG. 11 is a block diagram showing the configuration of a security
policy draft preparation apparatus 420 according to a fifth embodiment of
the present invention. As illustrated, an indicator of rigorousness
prescribed by the user is delivered to draft preparation means 428 in the
security policy draft preparation apparatus 420.

[0717] On the basis of the indicator of rigorousness prescribed by the
user, the draft preparation means 428 prepares a security policy draft.
As mentioned above, a preparation operation is effected to use the
knowledge-based information knowledge about a policy matching the
prescribed indicator of rigorousness, and to extract from global
guidelines a policy matching an indicator of rigorousness on the basis of
the knowledge-based information. Briefly, this operation corresponds to
pre-arrangement of a rule concerning setting of a policy in connection
with a certain indicator of rigorousness (in the knowledge-based
information).

[0718] Operation required for establishing a security policy according to
the fifth embodiment is essentially identical with that described in
connection with the flowchart shown in FIG. 5, exclusive of the following
two points:

[0719] First, in step S5-1 the inquiry preparation means 422 prepares
inquiries on the basis of the level of rigorousness prescribed by the
user. "Level of rigorousness" has a smaller effect on inquiries than do
other parameters (i.e., a field of business). In general, as the level of
rigorousness is increased, prepared inquiries concern items of greater
detail. Further, as the level of rigorousness is decreased, inquiries
about detailed items are newly prepared.

[0720] It is considered that the rigorousness of a security policy is
reset to a higher level after establishment of the security policy. In
this case, a higher level of rigorousness prescribed by the user is
supplied also to inquiry preparation means 422. Hence, the inquiry
preparation means 422 prepares inquiries concerning items of greater
detail. Consequently, there may arise a case where inquiries are provided
to members (i.e., interrogees) of an organization once again in part.

[0721] If the level of rigorousness of a security policy is reset to a
lower level, there is usually no chance of generating new inquiries.
Consequently, in this case, a new security policy can be established
immediately without implementation of inquiries.

[0722] Second, in step S5-4 the indicator of rigorousness prescribed by
the user is supplied to the draft preparation means 428, and the draft
preparation means 428 prepares a security policy draft on the basis of
the indicator of rigorousness.

[0723] The operation required for establishing a security policy according
to the fifth embodiment is essentially identical with that described in
connection with the flowchart shown in FIG. 5, exclusive of the
above-described two points.

[0724] 5-B Adjustment of Security Policy for which Level of Rigorousness
has been designated

[0726] The rigorousness inspection means 502 supplies a security policy
draft produced by means of the operations up to step S1-3 (FIG. 1) On the
basis of an indicator of rigorousness prescribed by the user, the
rigorousness inspection means 502 inspects so as to determine whether
each of the rules in a security policy draft matches the rigorousness
prescribed by the user. If the result of inspection shows that each of
the rules matches the prescribed rigorousness, the rules are output in
their present forms. If some of the rules fail to match the prescribed
rigorousness, the rules are supplied to rigorousness adjustment means
504. On the basis of the indicator of rigorousness prescribed by the
user, the rigorousness adjustment means 504 rewrites the thus-supplied
rules and outputs rewritten rules. Information pertaining to correlation
between global guidelines, respective rules in the global guidelines, and
an indicator of rigorousness is stored in the storage means 508.

[0728] In step S13-1, a security policy draft is supplied to the
rigorousness inspection means 502.

[0729] In step S13-2, the rigorousness inspection means 502 inspects so as
to determine whether each of rules in the supplied security policy draft
matches the indicator of rigorousness prescribed by the user. If the
rules match the indicator of rigorousness, processing proceeds to step
S14-3 to be described later. In contrast, if some of the rules fail to
match the indicator of rigorousness, processing proceeds to step S14-4.
In step S13-4, the rules which fail to match the indicator of
rigorousness are changed so as to match the indicator, by means of the
rigorousness adjustment means 504 and by utilization of information
pertaining to correlation between the rules provided in the global
guidelines and the indicator of rigorousness, which information is stored
in the storage means 506. The information pertains to an indicator of
rigorousness corresponding to each of the rules provided in the global
guidelines. Utilization of the information enables ascertainment of rules
matching the indicator of rigorousness prescribed by the user. The
thus-ascertained rules are extracted from the global guidelines stored in
the storage means 506. Rules which fail to match the indicator of
rigorousness are replaced with the thus-extracted rules.

[0730] In step S13-3, the merging means 508 merges the rules that have
from the beginning matched the indicator of rigorousness with the altered
rules, and outputs the thus-merged rules.

[0731] Thus, each of the rules provided in the security policy draft can
be matched with an indicator of rigorousness prescribed by the user.

[0732] The rigorousness inspection means 502, the rigorousness adjustment
means 504, and the merging means 508 according to the fifth embodiment
are preferably implemented in the form of software which runs on a
computer. Further, the storage means 506 is preferably embodied as a
storage medium, such as a hard disk drive, CD-ROM, or DVD.

[0733] Relationship between Rule and Indicator of Rigorousness

[0734] A more detailed explanation is given of a case where in step S13-2
no match has been determined to exist between the rigorousness of rules
and the indicator of rigorousness prescribed by the user.

[0735] If the rigorousness of the rules is of lower level than the
rigorousness indicated by the indicator, the rules are determined to fail
to match the indicator of rigorousness. The rules are replaced with rules
of higher rigorousness level.

[0736] For example, if the rules are of an educational institution level
and the rigorousness prescribed by the user is of a financial level, the
rules are replaced with rules of a financial level. Moreover, a period of
validity of a password is shortened from 120 days to 30 days. Thus, rules
are replaced with more rigorous rules.

[0737] If rules are higher in level than the indicator of rigorousness,
the rules are determined to fail to match the indicator of rigorousness.
The rules are replaced with rules of lower rigorousness level.

[0738] If rules are at a highest level of rigorousness and the level of
rigorousness prescribed by the user is at a general level, the rules are
replaced with rules of general level of rigorousness. For example, in the
case of rules of highest level of rigorousness, a period of validity of a
password is one week. If the level of the rules is too rigorous, the user
prescribes a general level of rigorousness. As a result, the period of
validity of a password is extended to 100 days, and the rules are
replaced with rules of lower level of rigorousness.

[0739] Sixth Embodiment (Selection of Range of Establishment)

[0740] In the embodiments which have been described thus far, a security
policy is prepared for the entirety of an organization. However, it is
considered that there are many desires to establish a security policy for
only a portion of the system of the organization.

[0741] The user prescribes a range within which a security policy is to be
established. If an apparatus and method for establishing a security
policy are adopted on the basis of the range, the user can establish a
security policy within only an area where establishment of a security
policy is desired, thus affording convenience to a user.

[0742] FIG. 14 is a block diagram showing the configuration of a security
policy draft preparation apparatus 520. The thus-illustrated security
policy draft preparation apparatus 520 is identical in configuration with
the security policy preparation apparatus 320 described by reference to
FIG. 10 and with the security policy preparation apparatus 420 described
by reference to FIG. 11.

[0743] The two following points of difference are present.

[0744] A range of establishment of a security policy prescribed by the
user is supplied to the draft preparation means 528.

[0745] A range of establishment of a security policy prescribed by the
user is supplied to the inquiry preparation means 522.

[0746] By means of such a configuration, the draft preparation means 528
establishes a security policy within a range prescribed by the user, and
hence the user can efficiently establish a security policy within a
required range.

[0747] Further, the inquiry preparation means 522 prepares only inquiries
about the range prescribed by the user, and hence useless inquiries are
obviated, thus enabling conduct of efficient inquiries. Here, provision
of the range prescribed by the user to the inquiry preparation means 522
is not inevitable. The reason for this is that the number of inquiries
does not affect establishment of a security policy. If inquiries are
irrelevant to the range prescribed by the user, an interviewer can skip
the inquiries at the time of an interview. Consequently, supply of the
range prescribed by the user to the inquiry preparation means 522 is not
indispensable.

[0748] The user can specify the range of establishment of a security
policy by means of various methods.

[0749] (1) First, the user can specify the range of establishment of a
security policy on a product level. For example, if the user desires to
establish a security policy concerning only "VPN," the user can establish
a security policy concerning VPN by means of prescribing "VPN." By means
of prescribing specific hardware or software, such as a WEB, an E-mail,
or a firewall, or specific functions thereof, the user can specify
establishment of a security policy concerning specific hardware or
software.

[0750] Next, the user prescribes the range of establishment of a security
policy according to an object of use of the security policy. For example,
the user desires to establish a security policy only an "outside
subcontract," a security policy can be established with regard to an area
which is turned over to an outside contractor. The user can specify
establishment of a security policy within a range of object of use or
purpose, by means of prescribing the object of use of or purpose of
electronic trading (E commerce) or a data center.

[0751] (3) Further, the user can specify the range of establishment of a
security policy from the viewpoint of organizational structure. For
example, if the user desires to establish a security policy in connection
with only the "home office," the user can establish a security policy
pertaining to the home office, by means of prescribing the "home office."
If the user prescribes branch offices, a security policy pertaining to
branch offices can be established. Moreover, the user can establish a
security policy pertaining to a network or a security policy pertaining
to a host by means of prescribing a network or a host.

[0752] Operation required for establishing a security policy according to
the seventh embodiment is essentially identical with that shown in FIG.
5, exclusive of the following points of differences.

[0753] First, in step S5-4 shown in FIG. 5 a security policy draft is
established on the basis of the range prescribed by the user.

[0754] Second, in step S5-1 shown in FIG. 5 inquiries pertaining to only
the range prescribed by the user are prepared.

[0755] The second point of difference is not inevitable. As has been
described, even when inquiries fall outside the range prescribed by the
user, such inquiries do not directly pose a problem on establishment of a
security policy. Further, it is also considered that an interviewer skips
such inquiries, as required. Hence, there is no problem even when
inquiries are identical with those described in connection with the first
embodiment.

[0756] The draft preparation means 528 shown in FIG. 14 establishes a
security policy draft. To this end, knowledge-based information
concerning ranges within which the rules provided in the global
guidelines fall is established in the storage means 524. More
specifically, in the storage means 524 are stored knowledge-based
information concerning whether rules fall within the range of "home
office" or the range of "branch offices." By reference to the
knowledge-based information, the draft establishment means 528
establishes a security policy (draft) through use of only the rules
falling within the range prescribed by the user.

[0757] In this way, in the sixth embodiment, a security policy (draft) can
be prepared within the range prescribed by the user.

[0758] The sixth embodiment has described an example in which the inquiry
preparation means 522 prepares inquiries in accordance with job
specifications of a member (or interviewee), as in the case of the first
embodiment (FIG. 14). Here, the inquiry preparation means 522 may be
arranged so as to provide a member with general inquiries regardless of
his job specifications.

[0759] Seventh Embodiment (Programs and a Recording Medium)

[0760] Preferably, the means which have been described thus far are
actually embodied as programs and a processor executing the program.

[0762] Programs for performing operations of the inquiry preparation means
12, the answer archival storage means 16, and the draft preparation means
18 described in connection with the first through seventh embodiments are
stored in the hard disk drive 600. As a result of a processor of the
computer 602 executing the programs, the computer 602 enables
implementation of operations corresponding to the inquiry preparation
means, the answer archival storage means, and the draft preparation
means.

[0763] Programs for effecting operation of the contradiction inspection
means 32, that of the contradiction output means 40, that of the matching
means 41, that of the virtual information system establishment means 34,
that of the difference output means 38, and that of the real system input
means 36, all the means being shown in FIG. 7, are stored in the hard
disk drive 600. By means of the processor of the computer 602 executing
these programs, the computer 602 can effect operation of the
contradiction inspection means 32 and operations of the other means.

[0764] Preferably, the storage means 14 described in connection with the
embodiments is provided in the hard disk drive 600.

[0765] An operator of the computer 602 launches the foregoing programs,
thereby generating inquiries and entering, by way of a keyboard 604,
answers to the inquiries from members of an organization. As a matter of
course, answers may be entered by use of an input device such as a mouse.

[0766] FIG. 15 shows an example in which programs run on the computer 602
of so-called standalone type. However, programs may be supplied over a
network.

[0767] For example, there is preferably adopted an arrangement in which a
client computer executes or downloads the foregoing programs stored in a
server each time execution of the programs is required.

[0768] Security Policy Draft

[0769] The first through eighth embodiments have primarily described
preparation of a security policy draft. Needless to say, the security
policy draft preparation apparatus can be used for establishing a
security policy which is not a draft. In other words, the security policy
draft preparation apparatus doubles as a security policy establishment
apparatus, and the method of preparing a security policy draft doubles as
a method of establishing a security policy. The draft preparation means
doubles as a security policy establishment means.

[0770] As has been described above, according to the present invention,
inquiries are submitted to members of an organization, and a security
policy is established on the basis of the resultant answers. Accordingly,
a security policy can be established easily.

[0771] Further, a security policy is established stepwise, and hence
flexible establishment of a security policy can be implemented while
taking into consideration the organization's desires (e.g., a budget or
the like).

[0772] According to the present invention, the state of information
security of an organization is determined, so that the organization can
be come aware of the importance of information security.

[0773] Since security measures can be provided together with the priority
thereof, planning of measures for future information security becomes
easy. Moreover, the organization can discuss a budget on the basis of the
plan.

[0774] According to the present invention, a security policy can be
established in consideration of line of business.

[0775] According to the present invention, the user can specify global
guidelines to be used for establishing a security policy.

[0776] According to the present invention, a security policy is
established through use of recommendations and regulations aimed at a
specific line of business other than global guidelines. Hence, an
elaborate security policy more preferably matching line of business can
be established.

[0777] According to the present invention, the user can specify the level
of rigorousness of security policy through use of an indicator of
rigorousness. Further, according to the present invention, the level of
rigorousness of a security policy can be adjusted through use of an
indicator of rigorousness.

[0778] According to the present invention, the range of establishment of a
security policy can be explicitly prescribed by the user. As a result,
establishment of a security policy for a portion of an organization can
be effected.